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CAUTION CAUTION 


Disconnect power before To ensure reliable operation and to prevent overheating, 


servicing. provide adequate ventilation for this modem and keep it 
away from heat sources. Do not locate near heat registers 


or other heat-producing equipment. Provide for free air 
This device is intended for 


flow around the Wireless Gateway and its power supply. 


indoor operation only. 
Telephone jacks Line 1 and 
Line 2 must not be connected 


to outside wiring. 


C 
FE 
Mi 


CEz 


This symbol on the product ensures that the device complies with European legislation, Directive 89/336/EEC, 
73/23/EEC, 93/68/EEC, which covers the EMC (electromagnetic compatibility), and safety aspects of marking. 


This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions : (1) this 
device may not cause harmful interference, and (2) this device must accept any interference received ; including 
interference that may cause undesired operation. 


This symbol means that your inoperative electronic appliance must be collected separately and not mixed with 
the household waste. The European Union has implemented a specific collection and recycling system for which 
producers’ are responsible. 


This appliance has been designed and manufactured with high quality materials and components that can be 
recycled and reused. Electrical and electronic appliances are liable to contain parts that are necessary in order for 
the system to work properly but which can become a health and environmental hazard if they are not handled or 
disposed of in the proper way. Consequently, please do not throw out your inoperative appliance with the 
household waste. 


If you are the owner of the appliance, you must deposit it at the appropriate local collection point or leave it with 
the vendor when buying a new appliance. 


- If you are a professional user, please follow your supplier's instructions. 
- If the appliance is rented to you or left in your care, please contact your service provider. 


Help us protect the environment in which we live! 
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NORTH AMERICAN CABLE INSTALLER: 

This reminder is provided to call your attention to Article 820-40 of the National Electrical Code (Section 
54 of the Canadian Electrical Code, Part 1) which provides guidelines for proper grounding and, in 
particular, specifies that the cable ground shall be connected to the grounding system of the building as 
close to the point of cable entry as practical. 


Operating Information 
Operating Temperature: 0° - 40° C (32° - 104° F) 


Storage Temperature: -20° to 70°C (-4° — 157° F) 


If you purchased this product at a retail outlet, please read the following: 


Product Information 

Keep your sales receipt to obtain warranty parts and service and for proof of purchase. Attach it here and 
record the serial and model numbers in case you need them. The numbers are located on the back of the 
product. 


Model No. Serial No 
Purchase Date: Dealer/Address/Phone: 
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Safety Recommendations 


REMEMBER SAFETY FIRST 
Using equipment safely 


Your Cable Modem has been manufactured to meet safety standards, but you must take care if you want it 
to perform properly and safely. 


It is important that you read this booklet completely, especially the safety instructions below. If you have 
any doubts about the installation, operation or safety of decoder, please contact your supplier. 


To avoid the risk of electric shock 


e Disconnect the Cable Modem from the mains supply before you connect the Cable Modem to (or 
disconnect it from) any other equipment. Remember that contact with 110 ~ 240 Volt AC mains can 
be lethal or cause severe electric shock. 


e Never remove the Cable Modem’s cover. Should the Cable Modem fail, contact the Customer Service 
to arrange repair or service. 


e Never allow anyone to push anything into holes, slots or any other opening in the case 
e Do not block the Cable Modem’s ventilation slots; never stand it on soft furnishings or carpets 


e Do not put anything on the Cable Modem which might spill or drip into it (eg. Lighted candles or 
containers of liquids). Do not expose the Cable Modem to dripping or splashing. If an object or liquid 
enters inside the Cable Modem, unplug it immediately and contact the Customer Service. 


e Do not store the Cable Modem in excessively hot, cold or damp conditions. The Cable Modem is 
intended to operate at an ambient temperature of less than 40 degrees Celsius and a maximum 
humidity level of 75%. In case of a storm, it is recommended that you unplug the Cable Modem from 
the mains and from the R/F Network. 


e Leave the mains socket accessible so that you can unplug the set quickly 


Connecting to the mains supply 


e This Cable Modem is designed to operate at 110 ~ 240 VAC. 


e If you are in any doubt about the mains lead, the plug or connection, please consult the Customer 
Service. 


e Only the power adapter supplied with the decoder has to be used 


Ensuring optimum performance 


e Leave 7cm to 10cm around the Cable Modem to ensure that proper ventilation gets to the Cable 
Modem. 
e Do not store your Cable Modem on its side (if not allowed) 


e To clean the Cable Modem, use a dry, clean soft cloth with no cleaning solvent or abrasive products. 
Clean the ventilation openings regularly. 
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MAIN TECHNICALSPECIFICATIONS 


General 
Operating voltage 110 ~ 240 VAC 
Typical Power consumption 12 W max 
Dimensions (W x H x D) 17.7*14.2*4.8 cm 
Operating temperature range 0-40°C 
Storage temperature range -20 — 70 °C 
AC adapter (or plug-in adapter) ADAPTER 18W 12VDC/1.0A 
type 
Connections 
DC input 12V/1A 
Cable input 1xCoaxial cable connector 
Ethernet plugs AxRJ-45 


C This symbol on your set guarantees that your product complies with the European Directives 1999/5/ECand 


2009/125/EC on Safety, Telecom, Electromagnetic Compatibility and Energy related Products. 


The Lightning Flash with arrowhead symbol within an equilateral triangle, is intended to alert 
/\ the user to the presence of uninsulated "dangerous voltage" within the product enclosure that 
may be of sufficient magnitude to constitute a risk of shock to persons. 


of important operating and maintenance (servicing) instructions in the literature accompanying 


j The exclamation point within an equilateral triangle is intended to alert the user to the presence 
the product. 
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CHAPTER 1: CONNECTIONS AND SETUP 


Turning on the Wireless Gateway 


After installing the Wireless Gateway and turn it on for the first time (and each time the modem is 
reconnected to the power), it goes through several steps before it can be used. Each of these steps is 
represented by a different pattern of flashing lights on the front of the modem. 


If there is no lighted LEDs on the front panel, check the power adapter plug-in the power jack and 
connect to CM correctly. 


Note: All indicators flash once before the initialization sequence. 


If both DS and US LEDs are flashing, it means the Wireless Gateway is automatically updating its system 
software. Please wait for the lights to stop flashing. Do not remove the power supply or reset the Wireless 
Gateway during this process. 


Introduction 


Wireless Gateway Features 

e CableLabs DOCSIS 1.0/1.1/2.0 Standard Compliant. 

e 4x Standard RJ-45 connector for 10/100BaseT Ethernet with auto-negotiation and MDIX functions; 
Support maximum Ethernet cable length up to 100m (Category 5). 

Support data communications. 

Transparent bridging for IP traffic. 

RSA and 56 bit DES data encryption security. 

SNMP network management support. 

Remote operating firmware downloading. 

Support Web pages and private DHCP server for status monitoring. 

Propane™ technology supported, enabling the connection of more Internet users without additional 
network bandwidth. 
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What’s on the CD-ROM 


Insert the Wireless Gateway CD-ROM into your CD-ROM drive to view troubleshooting tips, the internal 
diagnostics, and other valuable information. 


CD-ROM Contents: 
e Electronic copy of this user’s guide in additional languages (PDF format) 


e Adobe Acrobat Reader — application you can load to read PDF format, if you don’t have it 
loaded already 


e Links to Technicolor web site 


Computer Requirements 

For the best possible performance from your Wireless Gateway, your personal computer must meet the 
following minimum system requirements (note that the minimum requirements may vary by cable 
companies): 


IBM PC COMPATIBLE MACINTOSH** 
CPU Pentium preferred PowerPC or higher 
System RAM 16MB (32MB preferred) 24MB (32MB preferred) 
Operating System Windows* NT / 2000 /Me/ XP/ Mac OS** 7.6.1 or higher 
Vista / Windows 7, Linux 
Video VGA or better (SVGA preferred) VGA or better (SVGA built-in preferred) 
CD-ROM Drive Required Required 
Ethernet 10BaseT , 100BaseT or 1000BaseT 10BaseT , 100BaseT or 1000BaseT 


An Ethernet card makes it possible for your computer to pass data to and from 
the internet. You must have an Ethernet card and software drivers installed in 
your computer. You will also need a standard Ethernet cable to connect the 
Ethernet card to your Wireless Gateway. 


Software e A TCP/IP network protocol for each machine 


e Microsoft Internet Explorer 4.0 or later or 
Netscape Navigator 4.0 or later. 


* Windows is a trademark of Microsoft Corporation. 


** Macintosh and the Mac OS are trademarks of Apple Computer, Inc. 
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Wireless Gateway Overview 


Front Panel 


US Online ——— Link 


Power Ds 
A 7 
0) [4 oo one 
| oe ) 
a | eat 
Fig. 1-1 Front Panel 
The following illustration shows the front panel: 
( | ) Power - Indicates the Power status. 
rt DS - Indicates the status of Data reception by the cable modem from the Network 
(Downstream Traffic). 
4 US - Indicates the status of Data transmission by the cable modem to the Network 
= (Upstream Traffic). 


Online - Displays the status of your cable connection. The light is off when no 
cable connection is detected and fully lit when the modem has established a 
connection with the network and data can be transferred. 


BE 
as) Link - Indicates the state of Ethernet ports. 
(p) Wireless - Indicates the traffic on the wireless network. 


WPS - Indicates the status of the WPS functionality. 
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The lights on the front panel LEDs are described in the table below (from left to right): 
ON = the LED is light, OFF = the LED is gray, FLASH = the LED is blinking. 


Intemet | Ethemet 


Wireless WPS. Description 
DS US Online| 1 2 3 
ON | ON | ON | ON X X |Poweron 0.25 sec 
ON 0.25 second 
Boot-up FLAS] FLAS From power ON to system 
Operatio| ON H q en) A Be RS |e x X | initia lization complete 
n 
ON |} ON} ON Following system initia lization 
ON X X X X X X jcomplete to (before) 
lsecond DS scanning 
FLAS During DSscanning and acquiring 
ON 4 X X X X X X SYNC 
FLAS From SYNC completed, receiving 
on i H x . - ‘ m z UCD to ranging completed 
During DHCP, configuration file 
DOCSIS download, registration, and Baseline 
Start-up Privacy initialization: 
Operatio| ON ON | ON |FLASH| X X X X X X |DHCP status: 1 second ON and 1 
n second OFF, 
TFIP status: 0.25 second ON and 0.25 
second OFF 
ON ON | ON) ON X X X X X X |Operational (NACO=ON) 
ON is be X X X X X X |Operational (NACO=0 FF) 
ON X X X ap i ee gin X X |Ethemet Link 
CPE TX/RX Ethemet Tra ffic 
Operatio H | H | H | H 
n 
ON X X X X X X X ON X Wireless Link 
FLASH TX/RX Wireless Tra ffic 
SW 
POT FLAS| FLAS A software download and while 
g ey H H ou ‘ ’ updating the FLASH memo 
Operatio P 9 ry 
n 
(long press, >5 seconds) 
WPS WiFi association during client 
FLAS/and AP linking process, WPS LED 
H |Orange colorlight Blinking. 
WPS 
Operatio| ON <CM Nomal Operation> After link established WPS LED Green 
n on |Colorlight ON 


(short press,1- 3 seconds) 


ON Enable WiFi transmission 


Table 1-1 LED behavior 
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Rear Panel 


Fig. 1-2 Rear Panel 


Connector Description 

POWER Jack Connector for DC12V 

ETHERNET 4 Ethernet ports, RJ-45, 10/100BaseT connector 
RESET To restart the modem 

CABLE Connector for the cable network 


Table 1-2 Rear Panel description 


Side Panel for WPS 


Fig. 1-3 Side Panel 


WPS - Indicates the status of the WPS functionality. 


WPS button: Wi-Fi Protected Setup’. This button can be used to: 


Secure the connection with another device (PC for example) using WPS protocol. A long press (press 
2 more seconds) on the button allows you to enable the association of the modem with a PC or other 
equipment. 


After link establish. A short press on the button, switch on/off Wi-Fi. 
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Wall Mounting 
This article will show the user through the process of wall-mounting the Wireless Gateway 


The Adapter has two wall-mount slots on its back panel. 


Two screws are needed to mount the Adapter. 


| 

| 

\ 
| 
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O 
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oO 
oO 
O 


O@0O0000000 
OO00000000 
eO00000000 
OO000000000 

oR oR onokekeon=i2Hek eke enon enenen ene) 
lok on eokeokeokon<k- Ren enenenenenenenene) 
COOOVODVDODOGSGO0COOCOO0O008 
loon okeokekoRs kee er eoneneonenenenenen?) 
look okokeonen oh on en enenenenenenenene) 
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OCOO00N0CRGGO00CO0C0O0O0000 
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Fig. 1-4 Wall Mounting 


1. Ensure that the wall you use is smooth, flat, dry and sturdy and use the 2 screw holes 
which are 101.6 mm (4 inches) apart from each other. 


2. Fix the screws into wall, leaving their heads 3 mm (0.12 inch) clear of the wall surface. 


3. Remove any connections to the unit and locate it over the screw heads. When in line, 
gently push the unit on to the wall and move it downwards to secure. 
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Relationship among the Devices 


This illustration shows a cable company that offers DOCSIS and PacketCable compliant voice/data 
services. 


FEE P. PF FP 


EMTA Gateway FFE P. 


FFF? FFF? 
Internet 

Cable Company 
(Internet Service Provider) 


Computer, Phone, and Fax 


Fig. 1-5 Connection overview 


What the Modem Does 


The Wireless Gateway provides high-speed Internet access as well as cost-effective, toll-quality telephone 
voice and fax/modem services over residential, commercial, and education subscribers on public and 
private networks via an existing CATV infrastructure. It can inter-operate with the PacketCable compliant 
head-end equipment and provide the IP-based voice communications. The IP traffic can transfer between 
the Wireless Gateway and DOCSIS compliant head-end equipment. The data security secures upstream 
and downstream communications. 


What the Modem Needs to Do Its Job 


@ The Right Cable Company: Make sure your local cable company provides data services that use 
cable TV industry-standard DOCSIS compliant and PacketCable compliant technology. 


@ The Internet/Telephony Service Provider (ISP/TSP): Your cable company provides you access 
to an Internet Service Provider (ISP) and Telephony Service Provider (TSP). The ISP is your 
gateway to the Internet and provides you with a pipeline to access Internet content on the World 
Wide Web (WWW). The TSP provides you with telephony access to other modems or other 
telephony services over the Public Switched Telephone Network (PSTN). 


Check with your cable company to make sure you have everything you need to begin; they’ ll know if you 
need to install special software or re-configure your computer to make your cable internet service work 
for you. 
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Contact Your Local Cable Company 


You will need to contact your cable company to establish an Internet account before you can use your 
gateway. You should have the following information ready (which you will find on the sticker on the 
gateway): 


e The serial number 
e The model number 
e The Cable Modem (CM) Media Access Control (MAC) address 


e Security information: Service Set Identifier (SSID), Encryption key / passphrase (WPA2-PSK by 
default), channel number. Default values are indicated underneath the modem on the sticker. 


Please check the following with the cable company 
@ The cable service to your home supports DOCSIS compliant two-way modem access. 


@ Your internet account has been set up. (The Media Terminal Adapter will provide data service if 
the cable account is set up but no telephony service is available.) 


@ You have a cable outlet near your PC and it is ready for Cable Modem service. 


Note: It is important to supply power to the modem at all times. Keeping your modem plugged in will 
keep it connected to the Internet. This means that it will always be ready whenever you need. 


Important Information 
Your cable company should always be consulted before installing a new cable outlet. Do not attempt any 
rewiring without contacting your cable company first. 


Please verify the following on the Wireless Gateway 
The Power LED should be lighted when plug-in the power supply. 


Connecting the Wireless Gateway to a Single Computer 


This section of the manual explains how to connect your Wireless Gateway to the Ethernet port on your 
computer and install the necessary software. Please refer to Figure 1-7 to help you connect your Digital 
Cable Modem for the best possible connection. 
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Attaching the Cable TV Wire to the Wireless Gateway 


1. Locate the Cable TV wire. You may find it one of three ways: 


a. Connected directly to a TV, a Cable TV converter box, or VCR. The line will be connected to 


the jack, which should be labeled either IN, CABLE IN, CATV, CATV IN, etc. 


b. Connected to a wall-mounted cable outlet. 


Coming out from under a baseboard heater or other location. See Figure 1-6 for the wiring 
example. 


Notes: Foroptimum performance, be sure to 
connect your Wireless Gateway to the first point 
the cable enters yourhome. The splitter must be 
rated forat least 1GHz 


TV converter TV converter 
Cabledrop __- ooo Modem 


eactad saclay 


4 TV converter 
4 


| a 
/\ 


Hi = Splitters 


Grounding rod 


Fig. 1-6 Basic Home Wiring 
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Installation procedure for connecting to the Ethernet interface 
Follow these steps for proper installation. 


Plug the coaxial cable to the cable wall outlet and the other end to the modem’s cable connector. 


Note: To ensure a fast registration of the modem, the coaxial cable must be connected to 
the modem before it is powered on. 


Plug the power supply into the socket of the cable modem and two-pin plug in the AC outlet then press 
the Power Switch, power on the modem. 


Note: Only use the power supply that comes with the modem. Using another power supply 
can cause damage to the product, and will void the warranty. 


Connect an Ethernet cable (direct connection, see below) to the Ethernet port at the back of the computer, 
and the other end to the ETHERNET port on the rear panel of the cable modem. The modem will seek the 
appropriate cable signal on the cable television network and go through the initial registration process on 
its own. The modem is ready for data transfer after the green LED "ONLINE" is lit continuously. 


Note: the button "reset" at the back of the modem is used primarily for maintenance. 


o| = RF Cable 
Power supply Splitter | 
hed) 


Fig. 1-7 Connect to the Modem 
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CHAPTER 2: WEB CONFIGURATION 


To make sure that you can access the Internet successfully, please check the following first. 


1. Make sure the connection (through Ethernet) between the Wireless Gateway and your computer is 
OK. 


2. Make sure the TCP/IP protocol is set properly. 
3. Subscribe to a Cable Company. 


Accessing the Web Configuration 


The Wireless Gateway offers local management capability through a built-in HTTP server and a number 
of diagnostic and configuration web pages. You can configure the settings on the web page and apply 
them to the device. 


Once your host PC is properly configured; please proceed as follows: 


1. Start your web browser and type the private IP address of the Wireless Gateway on the 
URL field: 192.168.0.1 
2. After connecting to the device, you will be prompted to enter username and password. By 


default, the username is “ ” mu and the password is eral 
Connect to 192. Connect to 192,168.01 0.1 


— 


The server 192,168.0.1 at Technicolor requires a username 
and password, 


Warning: This server is requesting that your username and 
password be sent in an insecure manner (basic authentication 
without 4 secure connection). 


User name:  £ ’ 
Password: 


I” Remember my password 


cocl_| 


Fig2-1 Login dialogue 


If you login successfully, the main page will appear. 
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Outline of Web Manager 


The main screen will be shown as below. 


technicolor 


Status 


Software = This page displays information on the current system software 


Software 
Connection 
Password ; 
Information 
Diagnostics Standard Specification Compliant DOCSIS 2.0 
Hardware Version 1.0 
Software Version STDB.09.01.T6 
Initial Scan Cable Modem MAC Address 00:11:e3:df:60:01 
Cable Modem Serial Number 


Event Log 


Main Window 


Switch Mode CM certificate | Installed 


Backup/Restore 
Status 
System Up Time O days 00h:1?m:48s 
Network Access | Allowed 
CableMadem IP Address | won ree nae oe 


Fig. 2-2 Outline of Web Manager 
Menu: For entering each function, e.g., Status, Network, Firewall... 


@ = Title: the sidebar on the left side of the page indicates the title of this management interface, e.g., 
Software in this example 


@ Main Window: the current workspace of the web management, containing configuration or status 
information 


For easy navigation, the pages are organized in groups with group in names main menu. Individual page 
names within each group are provided in the sub menu and sidebar. So to navigate to a page, click the 
group hyperlink at the top, then the sub menu for the function, finally choose the title on the sidebar. 


Your cable company may not support the reporting of some items of information listed on your gateway’s 
internal web pages. In such cases, the information field appears blank. This is normal. 
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Warning message to change the password 

At your first connection or while the password is the default one, a warning message is displayed on the 
top banner of each Web configuration page. We want to encourage you to change the password in order 
to enforce the security of your modem. Please refer to the chapter password page 25 for more 
information. 
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Status - Network- Advanced- Firewall- Parental Control- VPN- Wireless 
= — 


Status 


Password : This page allows configuration of administration access privileges and the ability to restore factory 
Connection defaults to the system 


Software 


> Password 
Diagnostics User Name ere 
Event Log Password 
Re-Enter Password 
Initial Scan [ 
Switch Mode Restore Factory Defaults OYes ©No 
Appl 
Backup/Restore 


Fig. 2-3 Status\Password 


To change the password: type the password, and re-enter it again. 
If the password is accepted, you are required to re log on the web pages: 


Conect to 192168.03 __ T 


‘ 


The server 192,168,0,1 at Technicolor requires a username 
and password, 


Warning: This server is requesting that your username and 
password be sent in an insecure manner (basic authentication 
without 4 secure connection). 


User name: [a 6d | 
Password: 


T Remember my password 


cou_| 


Fig. 2-4 Password request dialog 
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Status Web Page Group 


1. Software 


The information section shows the hardware and software information about your gateway. 


The status section of this page shows how long your gateway has operated since last time being powered 
up, and some key information the Cable Modem received during the initialization process with your cable 
company. If Network Access shows “Allowed,” then your cable company has configured your gateway to 
have Internet connectivity. If not, you may not have Internet access, and should contact your cable 
company to resolve this. 
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Status - WNetwork- Advanced-  Firewall- Parental Control- VPN- Wireless 
7% — 
; Status 
> Software 
Software : This page displays information on the current system software. 
Connection 
Password ; 
Information 
Diagnostics Standard Specification Compliant | DOCSIS 2.0 
Hardware Version 1.0 
Event Log Software Version STDB.09.01.T6 
Initial Scan | Cable Modem MAC Address | O0:11:e3:df:60:01 
Cable Modem Serial Number 
Switch Mode CM certificate Installed 
Backup/Restore 
Status 
System Up Time O days 00h:22m:40s 


Network Access Allowed 
CableModem IP Address ioe estes eae 


Fig.2-5 Status\Software 
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2. Connection 


This page reports current connection status containing startup procedures, downstream and upstream 
status, CM online information, and so on. The information can be useful to your cable company’s support 


technician if you’re having problems. 
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Status - Network- Advanced- Firewall - Parental Control- YPN- Wireless 
7 <= 
aa 

Status 
Software 

Connection : This page displays information on the status of the cable modem's HFC and IP network connectivity. 

>» Connection 

beseard Startup Procedure 
Diagnostics Procedure Status Comment 

Acquire Downstream Channel Locked 
Erste hog Connectivity State OK Operational 
Initial Scan Boot State |OK | Operational 

Configuration File 
suite Mode Security Disabled | Disabled 
Backup/Restore 

Downstream Channel 

Lock Status {Locked | Modulation QAM256 

Channel ID 4 Symbol rate 5360537 

Downstream Frequency Downstream Power (-1.6 dBm 

SNR 38.0 dB | Bit Error Rate 0.000 % 


Upstream Channel 


Lock Status |Locked |Madulation [QPSK 
Channel ID | Symbol rate |1280 Ksym/sec 
Upstream Frequency Upstream Power |47.2 dBmv 
CM IP Address ‘Duration Expires 

wae nae nae ne D: -- H: -- M: -- 5S: -- ann na= w= -o lan != ===- 


Current System Time: Tue Sep 25 16:59:06 2012 


Fig. 2-6 Status\Connection 
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3. Password 


6699 


By default, the username is empty (“”) and the password is “admin”. 


This is set by different actions (non exhaustive list): 


- at the manufactory level, 
- following a reset factory on the modem, 
- following a reset from the operator, 
- following a change by the user who wants to come back to the default setting after using its own 
settings 
When the current password is the default one, the user is strongly encouraged to change the default web 
password. 


At your first connection or while the password is the default one, a warning message is displayed on the 
top banner of each Web configuration page. We want to encourage you to change the password in order 
to enforce the security of your modem. 


The password can be a maximum of 8 characters and is case sensitive. In addition, this page can be used 
to restore the gateway to its original factory settings. Use this with caution, as all the settings you have 
made will be lost. To perform this reset, set Restore Factory Defaults to Yes and click Apply. This has 
the same effect as a factory reset using the rear panel reset switch, where you hold on the switch for 5 
seconds, then release it. 


Note: We are always suggesting you to modify the password. This is a basic protection against wrongful 
access to the Gateway Web pages. 
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Status - Network- Advanced - Firewall - Parental Control- VPN- Wireless 
ae cS 


Status 


Password : This page allows configuration of administration access privileges and the ability to restore factory 
Connection defaults to the system 


Software 


> Password 


Diagnostics User Name admin 
Event Log Password 
Re-Enter Password 
Initial Scan 
Switch Mode Restore Factory Defaults O Yes ©No 
Appl 
Backup/Restore 
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| 
__ | | 
J SS __E=_=_=T= 


Fig. 2-7 Status\Password 
To change the password: type the password, and re-enter it again. 


If the password is accepted, you are required to re log on the web pages: 


Connect to 192.168. 0.1 2) x) 


The server 192,168.0,1 at Technicolor requires a username 
and password, 


Warning: This server is requesting that your username and 


password be sent in an insecure manner (basic authentication 
without 4 secure connection). 


User name: [a >| 
Password: 


T” Remember my password 


coe_| 


Fig. 2-8 Password request dialog 


If the password is no accepted, an error message is displayed: 


HTTP 401 - Unauthorized 
Authorization is required to access the configuration server. 


You must enter the correct username and/or password. 


Please reflash the web and wait for Password dialog pop-up, then typing the correct username and 
password again. 
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4. Diagnostics 


This page offers basic diagnostic tools for you to use when connectivity problems occur. When you ping 
an Internet device, you send a packet to its TCP/IP stack, and it sends one back to yours. To use the ping 
Test, enter the information needed and press Start Test; the Result will be displayed in the lower part of 
the window. Press Abort Test to stop, and Clear Results to clear the result contents. Note: Firewalls may 
cause pings to fail but still provide you TCP/IP access to selected devices behind them. Keep this in mind 
when ping a device that may be behind a firewall. Ping is most useful to verify connectivity with PCs 
which do not have firewalls, such as the PCs on your LAN side. 
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Status - Network- Advanced- Firewall- Parental Control- VPN- Wireless 
eS 
Status 
Software 
Diagnostics : This page provides for ping diagnostics to the LAN to help with IP connectivity problerns. 
Connection 
Fogeio bs Ping Test Parameters 
> Diagnostics Ping Target |192 |. |168 |. 0. |1 
Event Log Ping Size 64 bytes 
i No. of Pings 3 
Initial Scan 
Ping Interval /1000 ms 
Switch Mode : 
Backup/Restore Start Test| | Abort Test] | Clear Results 
Results 


Waiting for input... 


To get an update of the results you must REFRESH the page 


Fig. 2-9 Status\Diagnostics 


Page 25/ 83 


technicolor 


5. Event Log 


This page displays the contents of the SNMP event log. Press “Clear Log” button to clear the logs. 


Status - Network- Advanced- Firewall - Parental Control- VPN- Wireless 

Status 

Software 
SNMP Event Log : This page displays the contents of the SNMP event log. 

Connection 

Bes ‘Time ss Priority Description, 

Initial Scan 

Switch Mode 

Backup/Restore 


Clear Log 


Fig. 2-10 Status\Event Log 
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6. Initial Scan 
To speed up the modem’s first time connection, enter known downstream frequency and/or upstream 
channel ID information here. Then click “Apply and Reboot” button to start scanning the cable network 


beginning with the values supplied here. 


The value is provided in Hertz. So, for 453 MHz, you must type: 453000000 
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Status - Network- Advanced- Firewall - Parental Control- VPN- Wireless 


Status 


Initial Scan : To speed up the modem's first time startup, enter known downstream frequency and/or upstream 
channel ID information here. Then click the ‘Apply and Reboot' button. The modem will start scanning the cable 
network beginning with the values supplied here. 


Software 
Connection 
Password 
Diagnostics 


Event Lo 
9 Initial DS Frequency: 452995974 | Upstream Channel ID: |1 


Initial Scan 


w. 


Apply and Reboot 


Switch Mode 


Backup/Restore 


Fig. 2-11 Status\Initial Scan 
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7. Switch Mode 


This page displays switch mode information. It can be disabled, IPv4-Only, IPv6-Only, IPv4+IPv6 and 
Legacy RG IPv4 mode. 


By selecting the switch mode and then clicking Apply button for enabling it. 


Status - Network- Advanced- Firewall - Parental Control- VPN- Wireless 
a 
Status 
Software 
Switch Mode : This page displays switch mode. 
Connection 
Password 
Diagnostics Current Mode Legacy RG IPv4 Mode 
Switch Mode Legacy RG IPv4 Mode v} 
Event Log 
Initial Scan 
> Switch Mode 
Backup/Restore 


Fig 2-12 Status\ Backup/Restore 
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8. Backup/Restore 


Backup/Restore Settings: This page allows you to save your current settings locally on your PC, or 
restore settings previously saved. The default file name is “GatewaySettings.bin”. 
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Status - Network- Advanced- Firewall- Parental Control- VPN- Wireless 
~~ a, 


Status 


Backup/Restore Settings | This page allows you to save your current settings locally on your PC, or restored 
Connection settings previously saved 


Software 


Password 

Diagnostics Backup 

Event Log 

Initial Scan Restore Settings 

pelea (Grasse Fe] wo te chose 


>» Backup/Restore 


Fig 2-13 Status\ Backup/Restore 
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Network Web Page Group 
1. LAN 
You can activate the DHCP server function for the LAN on this page. 


With this function activated, 


e your cable company’s DHCP server provides one IP address for your gateway, 

e and your gateway’s DHCP server provides IP addresses, starting at the address you set in IP 
Address on the LAN page, to your PCs. A DHCP server leases an IP address with an expiration 
time. 


To change the IP address that your gateway will use on the LAN side, enter it into the IP Address box 
and then click Apply. 


IP Address and Subnet Mask: 
A private IP address and Subnet Mask for LAN sub netting. 
For example 192.168.0.1./ 255.255.255.0. 


DHCP Server: 


@ Select the check point of “Yes” or “No” to enable or disable a simple DHCP server for LAN. 
@ Configure the IP address numbers for the DHCP server with “Lease pool start” and “Lease pool 
end”. 
@ Configure the IP address lease time with “Lease time” for DHCP server. Default value is 604800 
seconds. 
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Status - Network- Advanced- Firewall- Parental Control- YWPN- Wireless 
_ rr 
Network 
> LAN 

LAN : This page allows configuration and status of the optional internal DHCP server for the LAN. 
WAN 
Computers : 

Network Configuration 
DDNS P Address: 192,168,1.254 
Time Subnet Mask: 255,.255.255.0 _ 

AC Address 00:10:18:de:ad:05 

Pass Through 
Portbase DHCP Server @Yes ONo 
PassThrough Lease Pool Start 192,.168.1.50 

Lease Pool End 192,168.1,150 

Lease Time 172800 


Fig. 2-14 Network\LAN 
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2. WAN 
You can configure the optional internal DHCP server for the WAN on this page. This can be required by 
some ISP providers. 


Select different WAN Connection Type will lead to different contents. Take the WAN connection type- 
DHCP for example, you can release and renew the WAN lease by pressing the buttons. 


You can enter a spoofed MAC address that causes your gateway networking stack to use that MAC 
address when communicating instead of the usual WAN MAC adaress, e.g., if the MAC address is 
00:10:18:de:ad:03, this spoofed MAC address could be 00:11:e3:df:ad:05 or any desired MAC address. 
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Status - Network- Advanced- Firewall- Parental Control- VPN- Wireless 
a 
= 
Network 
LAN 
WAN : This page allows configuration and status of the internal DHCP client for the WAN. 
» WAN 
Computers 
IPv4 Address: 10.10.133.171 
DDNS MAC Address: 00:10:18:de:ad:03 
Duration D: 00 H: 23 M: 19 S: 08 
Time Expires Wed Sep 26 15:54:52 2012 


IPv4 DNS Servers 10.10.159.253 


Pass Through 
f Release WAN Lease } | Renew WAN Lease ] 


Portbase 

nie WAN Connection Type | DHCP ¥) 
Hast Name [ —= (Required by some ISPs) 
Domain Name (Required by some ISPs) 
MTU \o (256-1500 octets, 0 = use default) 


Spoofed MAC Address |00 |: |00 |: |00 |: |00 |: \o0 |: 00 


Fig.2-15 Network\WAN 
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3. Computers 

This page displays the status of the DHCP clients and current system time. You can cancel an IP address 
lease by selecting it in the DHCP Client Lease Info list and then clicking the Force Available button. If 
you do so, you may have to perform a DHCP Renew on that PC, so that it can obtain a new lease. 


technicolor 


Status - Network- Advanced-  Firewall- Parental Control- YPN- Wireless 

Network 

LAN 
Computers = This page shows the status of the DHCP clients and current system time. 

WAN 

> Computers DHCP Clients 

DDNS 

Time 
Current System Time: Tue Sep 25 17:41:48 2012 

Pass Through 

Portbase 

PassThrough 


Fig.2-16 Network\Computers 
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4. DDNS - Dynamic DNS service 


This page allows to setup for Dynamic DNS server. 
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Status - Network - Advanced- Firewall- Parental Control- VPN- Wireless 
a 
= 
Network 
LAN 
DDNS : This page allows setup of Dynamic DNS service. 
WAN 
Computers , 
DDBNS Service: | Disabled v 
e Bens User Name: 
Time Password: 
Pass Through Host Name: 
Portbase IP Address: 10.10.133.171 
PassThrough Status: DDNS service is not enabled. 
Apply 


Fig.2-17 Network\DDNS 


DDNS Service- Choose Enabled (www.DynDNS.org ) to enable the basic setting. Choose Disabled 
to close the basic setting. 

Username- The username that you registered with your DDNS provider. 

Password- The password that you registered with your DDNS provider 

Host Name- The domain name or host name that is registered with your DDNS provider 

Status- It shows the DDNS service status whether it is enabled or disabled. 


Click Apply to save the changes. 
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5. Time 


This page allows configuration and display of the system time obtained from network servers via Simple 
Network Time Protocol. The system has to be reset for any changes to take effect. 
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Status - Network- Advanced- Firewall- Parental Control- VPN- Wireless 
a 
r 
Network 
LAN 
Time : This page allows configuration and display of the system time obtained fram network servers via Simple 
WEAN Network Time Protocol. The system has to be reset for any changes to take effect. 
Computers 
Baus Enable SNTP OYes @No 
Current Time Tue Sep 25 17:42:53 2012 
> Time System Start Time Tue Sep 25 16:35:05 2012 
Time Server 1 iclock, via.net 
Pass Through : 
Time Server 2 Intp.nasa.gov 
Portbase : 
PassThrough Time Server 3 |tick.ucla,edu 


Timezone Offset Hours |g |v] Minutes {o  ¥| 


Apply | | Reset Values 


Fig.2-18 Network\Time 
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6. Pass Through 
This page allows you to add/delete passthrough CPE (bypass NAT). 
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Status - Network- Advanced- Firewall- Parental Control- VPN- Wireless 
A 
S 

Network 
LAN 

Pass Through : This page allows you to add/delete passthrough CPE(bypass NAT). 
WAN 
Computers 

PassThrough Mac Addresses (example: 01:23:45:67:89: AB) 

ENS Add Mac Address 
Time 


>» Pass Through 


Portbase Addresses entered: 0/24 


Pass Through Remove Mac Address | | Clear All 


Fig.2-19 Network\FTP Diagnostics 
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7. Port-base Passthrough 


This page allows the configuration of each Ethernet Port. Per default, each Ethernet port is routed. If you 
enable the Passthrough, the Ethernet Port will have a direct connection to the Network. Note that access 
to this web access can be denied by your Cable operator. 


Status - Network - Advanced -  Firewall- Parental Control- VPN- Wireless 

Network 

LAN 
Port-base Passthrough : This page allows the configuration of each Ethernet Port. Per default, each Ethernet port 

WAN is routed. If you enable the Passthrough, the Ethernet Port will have a direct connection to the Network. Note that 
access to this web access can be denied by your Cable operator 

Computers 

DDNS 

Time 


Pass Through 


Portbase 
PassThrough 


Fig.2-20 Network\Port-base Passthrough 
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Advanced Web Page Group 
1. Options 


This page allows you to enable/disable some features of the Wireless Gateway. 


technicolor 


Status - Network - ecrenced - Firewall - Parental Control- VPN- Wireless 
 _s 
2 Advanced 
> Options 

Options = This page allows configuration of advanced features of the broadband gateway. 

IP Filtering 

ero ne WAN Blocking WEnabie 

Port Filtering Ipsec PassThrough M] Enable 
PPTP PassThrough M Enable 

Forwarding Remote Config Management 1 Enable 

port iigaers Multicast Enable M Enable 
UPnP Enable M Enable 

DMZ Host NAT ALG Status 
RSVP M Enable 

fukin FTP M Enable 
TEIR M Enable 
Kerb8s M Enable 
NetBios M] Enabie 
IKE M] Enable 
RTSP M) Enable 
Kerb1293 M Enable 
H225 M Enable 
PPTP M Enable 
MSN M Enable 
SIP M Enabie 
Ica M] Enable 
IRCBBBx M] Enable 
ICQTalk Enable 
Net2Phone Enable 
IRC7000 M] Enable 
IRC8000 M) Enable 


Fig.2-21 Advanced\Options 


@ WAN Blocking prevents others on the WAN side from being able to ping your gateway. With WAN 
Blocking enabled, your gateway will not respond to pings it receives, effectively “hiding” your 
gateway. 


@ Ipsec PassThrough enables IpSec type packets to pass WAN @& LAN. IpSec (IP Security) is a 
security mechanism used in Virtual Private Networks (VPNs). 


@ PPTP PassThrough enables PPTP type packets to pass WAN © LAN. PPTP (Point to Point 
Tunneling Protocol) is another mechanism sometimes used in VPNs. 


@ Remote Config Management makes the configuration web pages in your gateway accessible from 
the WAN side. Note that page access is limited to only those who know the gateway access 
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password. When accessing your gateway from a remote location, your must use HTTP port 8080 and 
the WAN IP address of the gateway. e.g., if the WAN IP address is 157.254.5.7, you would navigate 
to http://157.254.5.7:8080 to reach your gateway. 


@® Multicast Enable enables multicast traffic to pass WAN@ LAN. You may need to enable this to 
see some types of broadcast streaming and content on the Internet. 


@ UPnP Universal Plug and Play (UPnP) helps devices, such as Internet appliances and computers, 
access the network and connect to other devices as needed. UPnP devices can automatically discover 
the services from other registered UPnP devices on the network. 


@ NAT ALG enable NAT ALG (application layer gateways) allows customized NAT traversal filters 
to be plugged into the gateway to support address and port translation for certain application layer 
"control/data" protocols such as RSVP, FTP, TFTP, Kerb88, NetBios , IKE, RTSP, Kerb1293 , 
H225 , PPTP , MSN, SIP , ICQ, IRC666x , ICQTalk , Net2Phone , IRC7000 , IRC8000 file transfer 
in IM applications etc. In order for these protocols to work through NAT or a firewall, either the 
application has to know about an address/port number combination that allows incoming packets, or 
the NAT has to monitor the control traffic and open up port mappings (firewall pinhole) dynamically 
as required. Legitimate application data can thus be passed through the security checks of the 
firewall or NAT that would have otherwise restricted the traffic for not meeting its limited filter 
criteria. 
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2. IP Filtering 

This page enables you to enter the IP address ranges of PCs on your LAN that you don’t want to have 
outbound access to the WAN. These PCs can still communicate with each other on your LAN, but 
packets they send to WAN addresses are blocked by the gateway. 
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Status - Network- Advanced - Firewall- Parental Control- VPN- Wireless 
a 


a 
Advanced 


Options 
IP Filtering © This page allows the configuration of IP Address filters in order to block internet traffic to specific 


> IP Filtering network devices on the LAN. 
MAC Filtering 
lear} IP Filtering 
oe StartAddress EndAddress Enabled 
Forwarding 192.168.1.0 | 192.168.1.\0 


192.168.1.\0 | 192.168.1.\0 
192.168.1.0 |192.168.1./0 |O 
saa 192.168.1..0 |192.168.1.0 |O 
eee 192.168.1.0 | 192.168.1. 0 
192.168.1..0 | 192.168.1.|0 
192.168.1..0 | 192.168.1.0 | O 
192.168.1.0 | 192.168.1.\0 
192.168.1..0 | 192.168.1.0 | O 


192.168.1.|0 192.168.1.)0 LI 


Fig.2-22 Advanced\IP Filtering 


Port Triggers 
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3. MAC Filtering 

This page enables you to enter the MAC address of specific PCs on your LAN that you do not wish to 
have outbound access to the WAN. As with IP filtering, these PCs can still communicate with each other 
through the gateway, but packets they send to WAN addresses are blocked. 
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Status - Network- Advanced - Firewall- Parental Control- VPN- Wireless 


————_____—__—_§—1— , as 


Advanced 
Options 

MAC Filtering : This page allows configuration of MAC Address filters in order to block internet traffic to specific 
IP Filtering network devices on the LAN. 


>» MAC Filtering 


Port Filtering MAC Address Filters 


MAC 01 |00): |o0|: }o0): (00): joo): oo MAC 02 |o0|: (00): Joo): |o0): joo): joo) 
Forwarding MAC 03 00): |o0): Joo): joo): joo): joo MAC 04 |00): |o0): |o0|: joo): joo): joo) 
, MAC 05 Joo}: |o0): |o0|: oo): joo! oo MAC 06 |o9|: |o0): jo}: |o0): joo): joo 

Port Triggers 
MAC O7 |o0): Joo): |o0}: joo): joo): joo MAC 08 |o9}: jo): Joo): joo): joo): joo 
DMZ Host MAC 09 |o0}: |00): Joo}: 00): joo}: |oo MAC 10 joa): 0): joo): jo0): joo): oo 
RIP Setup MAC 11 |00): |o0|: 00): |00!: joo}: oo MAC 12 |o0|: |00): |oo|: joo]: joo): |oo| 
MAC 193 \00/: 00): joo}: 00): joo}: joo MAC 14 |00): |a0): joo): |o0): joo): joo 
MAC 15 Joo): oo}: |o0): |o0): joo}: joo MAC 1600}: 00): oo): 00): joo): oo 
MAC 17 |o0): |o0}: joo}: |o0): joo}: joo MAC 18 |oo): {oo|: lao): 00): |00): |o0| 
MAC 19 |o0): oo): [oo]: [ool: {oo|: foo MAC 20 [ao): oo: [ao|: fool: [ao): foo] 


Fig.2-23 Advanced\MAC Filtering 


Page 40/ 83 


technicolor 
4. Port Filtering 


This page allows you to enter ranges of destination ports (applications) that you don’t want your LAN 
PCs to send packets to. Any packets your LAN PCs send to these destination ports will be blocked. For 
example, you could block access to worldwide web browsing (http = port 80) but still allow email service 
(SMTP port 25 and POP-3 port 110). To enable port filtering, set Start Port and End Port for each range, 
and click Apply. To block only one port, set both Start and End ports with the same value. 
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Status - Network- Advanced - Firewall- Parental Control- VPN- Wireless 
= a 
Advanced 

Options 

Port Filtering : This page allows configuration of port filters in order to block specific internet services to all devices 
IP Filtering on the LAN. 
MAC Filtering 

> Port Filtering Hore Pea 
: Start PortEnd PortProtocol Enabled 
Forwarding 1 65535| [Both ¥| 0 
v 

Port Triggers 1 65535| {Both ¥| O 

1 65535| | Both ¥| 
DMZ Host ; 

gh 65535) |Both ¥| 1 
RIP Setup 1 65535| [Both v) 

1 65535| [Both ¥| O 

1 65535| {Both ¥| O 

1 65535) [Both ¥| 1 

1 65535| [Both ¥| O 

1 65535| [Both ¥| O 

(Apply) 


Fig.2-24 Advanced\Port Filtering 
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For example : 


To block HTTP (port 80) browse and restrict mail send from POP-3(port 110), setting as following 


80 


110 


Port Filtering 


1 


al 


65535 | Both ¥ 
65535 | Both ¥ 


65535 | Both ¥ 


65535) Both ¥ 
65535] [Both 
65535] | Both ¥ 


65535 | Both ¥ 


65535 | Both ¥ 


Start PortEnd PortProtocol Enabled 


80 Both ¥ 


110 Both ¥ 


Ky 


SoEaesaani Ss 


Fig.2-25 Advanced\Port Filtering 


Setting port value, block protocol (Both for TCP & UDP), check ‘Enable’ then apply. 
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5. Forwarding 


For LAN @ WAN communications, the gateway normally only allows you to originate an IP connection 
with a PC on the WAN; it will ignore attempts of the WAN PC to originate a connection onto your PC. 
This protects you from malicious attacks from outsiders. However, sometimes you may wish for anyone 
outside to be able to originate a connection to a particular PC on your LAN if the destination port 
(application) matches one you specify. 
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Status - Network- Advanced-  Firewall- Parental Control- YVPN- Wireless 
= a 
Advanced 
Options 
Forwarding : This allows for incoming requests on specific port numbers to reach web servers, FTP servers, mail 
IP Filtering servers, etc. so they can be accessible from the public internet. A table of commonly used port numbers is also 
provided. 
MAC Filtering 


Port Filtering Port Forwarding 


Local IP Adr Start PortEnd PortProtocol Enabled 


> Forwarding 1 : es 
192.168.1.0 0 a Bath ¥ 

Port Triggers 192.168.1.0 |lo | (0 Both 4] O 

DMZ Host 192.168.1.|0 oo =| jo _| [Both iw) O 
RIP Setup 192.168.1..0 | |0 fe ‘Both ¥| 

192.168.1..0 | |o 0 Both ¥| 

192.168.1.\0 | (0 ‘0 ‘Both ¥| O 

492.168.1.0 |[o | lo | [Botha oO 

192.168.1.\0 | |0 fn Both ¥| 0 

192.168.1.\0 | [0 ‘0 Both ¥] O 

192.168.1./0 Qo a Both ¥| O 


Fig.2-26 Advanced\Forwarding 


This page allows you to specify up to rules. For example, to specify that outsiders should have access to 
an FTP server you have running at 192.168.0.5, create a rule with that address and Start Port =20 and End 
Port =21 (FTP port ranges) and Protocol = TCP (FTP runs over TCP and the other transport protocol, 
UDP), and click Apply. This will cause inbound packets that match to be forwarded to that PC rather than 
blocked. As these connections are not tracked, no entry is made for them in the Connection Table. The 
same IP address can be entered multiple times with different ports. 


Page 43/ 83 


technicolor 


6. Port Triggers 


Some Internet activities, such as interactive gaming, require that a PC on the WAN side of your gateway 
be able to originate connections during the game with your game playing PC on the LAN side. You could 
use the Advanced-Forwarding web page to construct a forwarding rule during the game, and then remove 
it afterwards (to restore full protection to your LAN PC) to facilitate this. Port triggering is an elegant 
mechanism that does this work for you, each time you play the game. 
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Status - Network- Advanced - Firewall- Parental Control- VPN- Wireless 


- a 


Advanced 
Options 
Port Triggers : This page allows configuration of dynamic triggers to specific devices on the LAN. This allows for 
IP Filtering special applications that require specific port numbers with bi-directional traffic to function properly. Applications such 
as video conferencing, voice, gaming, and some messenging program features may require these special settings 


MAC Filtering 

Port Filtering Port Triggering 

Se I eli aaa 

> Port Triggers 0 0 0 0 Tee ¥) O 

eS 0 |p |b o @6©| fee wo 
0 0 0 0 | [tcp @) O 

Oe Q Q Q Q Top vO 
0 0 0 0 top ¥|O 
o Q Q o.@6| (top JO 
0 0 O 0 Top ¥) O 
0 0 0 0 tcp ¥)| O 
fh) 0 0 0 Tcep ¥)] O 
0 0 0 0 | [tcp ] O 


Fig.2-27 Advanced\Port Triggers 


Port Triggering works as follows. Imagine you want to play a particular game with PCs somewhere on 
the Internet. You make one time effort to set up a Port Trigger for that game, by entering into Trigger 
Start Port and Tigger End Port the range of destination ports your game will be sending to, and 
entering into Target Start Port the range of destination ports the other player (on the WAN side) will be 
sending to (ports your PC’s game receives on). Application programs like games publish this information 
in user manuals. Later, each time you play the game, the gateway automatically creates the forwarding 
rule necessary. This rule is valid until 10 minutes after it sees game activity stop. After 10 minutes, the 
rule becomes inactive until the next matched outgoing traffic arrives. 


e.g., suppose you specify Trigger Range from 6660 to 6670 and Target Range from 113 to 113. An 
outbound packet arrives at the gateway with your game-playing PC source IP address 192.168.0.10, 
destination port 666 over TCP/IP. This destination port is within the Trigger destined for port 113 to your 
game-playing PC at 192.168.0.10. 
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7. DMZ Host 


Use this page to designate one PC on your LAN that should be left accessible to all PCs from the WAN 
side, for all ports. e.g., if you put an HTTP server on this machine, anyone will be able to access that 
HTTP server by using your gateway IP address as the destination. A setting of “0” indicates NO DMZ PC. 
“Host” is another Internet term for a PC connected to the Internet. 
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Status - Network- Advanced - Firewall- Parental Control- VPN- Wireless 


Advanced 
Options 
DMZ Host (Exposed Host) : This page allows configuration of a specific network device to be exposed or visible 
IP Filtering directly to the VWVAN (public internet). This may be used when problem applications do not work with port triggers. 
Entering a "0" means there are no exposed hosts 


MAC Filtering 


Port Filteri 
setae DMZ Address 192.168.1.0 | 


Forwarding 


Port Triggers 
> DMZ Host 


RIP Setup 


Fig.2-28 Advanced\DMZ Host 
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8. RIP (Routing Information Protocol) Setup 


This feature enables the gateway to be used in small business situations where more than one LAN (local 
area network) is installed. The RIP protocol provides the gateway a means to “advertise” available IP 
routes to these LANs to your cable operator, so packets can be routed properly in this situation. 


Your cable operator will advise you during installation if any setting changes are required here. 


Status - Network- Advanced- Firewall- Parental Control- VPN- Wireless 
e = a 


Advanced 


Options 
Routing Information Protocol Setup © This page allows configuration of RIP parameters related to authentication, 
IP Filtering destination IP address/subnet mask, and reporting intervals. RIP automatically identifies and uses the best known and 
quickest route to any given destination address 


MAC Filtering 
Port Filtering RIP Support Disabled ¥ 
Forwarding RIP Authentication OC Enable 


RIP Authentication Key 
Port Triggers 


RIP Authentication Key ID jo 


DMZ Host - 
RIP Reporting Interval 30 seconds 


» RIP-Setup RIP Destination IP Address jo |. |o |. |0 |. |o 


Fig.2-29 Advanced\RIP Setup 
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Firewall Web Page Group 


1. Web Content Filtering 


These pages allow you to enable, disable, and configure a variety of firewall features associated with web 
browsing, which uses the HTTP protocol and transports HTML web pages. On these pages, you designate 
the gateway packet types you want to have forwarded or blocked. You can activate settings by checking 
them and clicking Apply. 


The web-related filtering features you can activate from the Web Content Filter page include Filter Proxy, 
Filter Cookies, Filter Java Applets, Filter ActiveX, Filter Popup Windows, and Firewall Protection. 


If you want the gateway to exclude your selected filters to certain computers on your LAN, enter their 
MAC addresses in the Trusted Computers area of this page. 
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Status - Network - Advanced- Firewall - Parental Control- VPN- Wireless 
a 


a 
Firewall 
> Web Filter 
Web Content Filter : This page allows certain WWeb-oriented cookies, java scripts, and pop-up windows to be 
TOD Filter blocked by the firewall. A list of "trusted computers" can also be defined that are not subject to any filters configured 
Specific Firewall features can also be enabled. It is highly recommended that the Firewall is left enabled at all times 


Local Log for protection against Denial of Service attacks. Go to the Parental Control page to block internet access to specific 


sites. 
Remote Log 
Web Features 
Filter Proxy L] Enable 
Filter Cookies [| Enable 
Filter Java Applets CT] Enable 
Filter Activex Ol Enabie 
Filter Popup VVindows 1 Enable 
Block Fragmented IP Packets (] Enable 
Port Scan Detection 1) Enable 
IP Flood Detection 1 Enable 
Firewall Protection | Off v 


Trusted Computers 
r 


o0 |:\00 |: |00 |: \o0 |: /o0 |: [oo | (add 


No Trusted Computers 


Remove 


Fig.2-30 Firewall\Web Filter 
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2. TOD Filtering 


Use this page to set rules that will block specific LAN side PCs from accessing the Internet, but only at 
specific days and times. Specify a PC by its hardware MAC address, and then use the tools to specify 


blocking time. Finally, click the Apply button to save your settings. 
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Status - 


Web Filter 
> TOD Filter 
Local Log 


Remote Log 


Network - Advanced - Firewall - 


Firewall 
Time of Day Access Filter 


[No filters entered. ¥| LJ Enabled 


Days to Black 

Everyday (Sunday 
Wednesday CO] Thursday 
ime to Block 

DIAll day 


Start 12 (hour) 00 = |(min) [am ¥ 


[IMonday CJ Tuesday 


OFriday OC Saturday 


End: |12  |(hour) |oo = |{min) |AM ¥ 


Parental Control - 


This page allows configuration of web access filters to block all internet traffic to and 
from specific network devices based on time of day settings 


Fig.2-31 Firewall\TOD Filtering 
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3. Local Log 


The gateway builds a log of firewall blocking actions that the firewall has taken. Using the Local Log 
page lets you specify an email address to which you want the gateway to email this log. You must also 
tell the gateway your outgoing (i.e. SMTP) email server’s name, so it can direct the email to it. Enable 
Email Alerts has the gateway forward email notices when Firewall protection events occur. Click E-mail 
Log to immediately send the email log. Click Clear Log to clear the table of entries for a fresh start. 


The log of these events is also visible on the screen. For each blocking event type that has taken place 
since the table was last cleared, the table shows Description, Count, Last Occurrence, Target, and Source. 
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Status - Network- Advanced- Firewall- Parental Control- VPN- Wireless 
a= a 
rr 

Firewall 
Web Filter 

Local Log : This page allows configuration of Firewall event log reporting via email alerts and a local view of the 
TOD Filter attacks on the system. 

>» Local Log 

Remote Log Contact Email Address 


SMTP Server Name 


E-mail Alerts CJ Enable 


Description Count Last Occurence Target Source 
E-mail Log | | Clear Log 


Fig.2-32 Firewall\Local Log 
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4. Remote Log 


The Remote Log page allows you to specify the IP address where a SysLog server is located on the LAN 
Side and select different types of firewall events that may occur. Then, each time such an event occurs, 
notification is automatically sent to this log server. 
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Status - Network- Advanced- Firewall - Parental Control- YPN- Wireless 
a 
Ee al 
Firewall 
Web Filter 
Remote Log : This page allows optional configuration of events to be sent to a local SysLog server. 
TOD Filter 
— Send selected events 
pe memoes on C)Permitted Connections 


[Blocked Connections 
[Known Internet Attacks 
(Product Configuration Events 


to SysLog server at 192.168.1. ‘0 a 


Fig.2-33 Firewall\Remote Log 
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Parental Control Web Page Group 


1. Basic 


This page allows you to enable, disable, and configure a variety of firewall features associated with web 
browsing, which uses the HTTP protocol and transports HTML web pages. On these pages, you designate 
the gateway packet types you want to have forwarded or blocked. You can activate settings by checking 
them and clicking Apply. 


Here are some of your choices on the Parental Control page: 


@ Activate Keyword Blocking and specify some keywords in the Keyword List to cause blocking of 
web pages on the WAN side with the specified keyword in the content. 


@ Activate Domain Blocking and specify some Domain Names (e.g. www.ABC.com) in the Domain 
List. 
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Status - Network- Advanced- Firewall- Parental Control- YPN- Wireless 


= a 


ae Parental Control 
saSic 
Basic Setup : This page allows basic selection of rules which block certain Internet content and certain VVeb sites. 
VVhen you change your Parental Control settings, you must click on the appropriate "Apply", "Add" or "Remove" button 
for your new settings to take effect. If you refresh your browser's display, you will see the currently active settings. 


Content Filtering 
Keyword Blocking FJ Enable 
Domain Blocking [Enable 


Keyword List 
Blocked Domain List 


Remove Domain 


Fig.2-34 Parental Control\Basic 
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VPN Web Page Group 


1. VPN_Basic 


This page allows you to enable VPN protocols and manage VPN tunnels. “Add New Tunnel” button to 
establish new VPN connection, 
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Status - Network- Advanced- Firewall- Parental Control- VPN- Wireless 
= 
re 
VPN 
>» VPN_Basic 


Basic <= This page allows you to enable VPN protocols and manage VPN tunnels 
IPSec 


VPN_Event Log Pesce 


IPsec Endpoint | Disabled v 


# Name Status Control Configure 


Add New Tunnel... | 


Fig.2-35 VPN\VPN_Basic 


After create a new tunnel for VPN, you can press “Edit” button to connect to IPSec page configure it. 
“Enable” button to make work status In Progress. “Delete” button to remove the tunnel. 


IPsec eae 
IPsec Endpoint Enabled v) 
# Name Status Control Configure 


1 NOT Connected 
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2. IPSec 


This page allowsconfiguration of IPsec tunnels. IPSec, Intemet Protocol Secuntty isa protocol 
suite for securing Intemet Protocol (IP) communications by authenticating and encrypting. 
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Status - Network- Advanced - Firewall 
a 
VPN 
VPN_Basic 


- Parental Control- VPN- Wireless 
am 


IPsec : This page allows configuration of IPsec tunnels. 


> IPSec 


VPN_Event Log Tunnel 


Name 


Local endpoint settings 
Address group type 


Subnet 
Mask 
Identity type 
Identity 


Remote endpoint settings 
Address group type 


Subnet | 


Mask 

Identity type 

Identity 

Network address type 
Remote Address 

IPsec settings 

Pre-shared key 

Phase 1 DH group 
Phase 1 encryption 
Phase 1 authentication 
Phase 1 SA lifetime 
Phase 2 encryption 
Phase 2 authentication 


Phase 2 SA lifetime 


[ Show Advanced Settings | 


Delete Tunnel 
Add New Tunnel 
Apply 


Tunnel list is EMPTY. ¥ 


LIP subnet 


192 .168.1.|\0 


255 . 255.255. 0 


IP address 


(null) 


‘IP subnet 


i 


IP address v) 


(null) 


IP address 


0.0.0.0 


(null) 


Group 1 (768 bits) v 
DES | 


seconds 


seconds 


Fig.2-36 VPN\IPSec 
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Click “Show Advanced Settings” you will see following advance configuration. 


Hide Advanced Settings 


Key management | Auto (IKE) v_ 


IKE negotiation mode | Main v 

Perfect forward secrecy (PFS) | Disabled v 
Phase 2 DH group Group 1 (768 bits) v 

Replay detection ‘Disabled ¥| 

NetBIOS broadcast forwarding ‘Disabled ¥| 
Dead peer detection Disabled v 


@ Key management: 
To manager access Key in Auto (IKE) or Manual as following. To obey the rule, setting Encryption 
key and Authentication key you desire. SPI mean Security Parameter Index, This tag helps the kernel 
discern between two traffic streams where different encryption rules and algorithms may be in use. 

Key management | Manual v 


Manual Encryption Key 00000000000000((16 hexadecimal digits) 
Manual Authentication Key 00000000000000000000000000¢(32 hexadecimal digits) 
Inbound SPIlotiéid 
Outbound SPI|o 


@ IKE negotiation mode: 
Internet Key Exchange, Main Mode protects the identity of the peers; Aggressive Mode does not 


@ Perfect forward secrecy(PFS): 
property that ensures that a session key derived from a set of long-term public and private keys will 
not be compromised 


@ Phase 2 DH group: 
Higher group numbers are more secure, but require additional time to compute the key. There are 
Group 1, 2, 5 to choose. 


@ Replay detection: 
The IPSec receiver can detect and reject old or duplicate packets to protect against replay attacks. 
Enable replay detection by selecting this check box 


@ NetBIOS broadcast forwarding: 
Network Basic Input/Output System, Enable to broadcast packets to connect with. 


@ Dead peer detection: 
The method uses IPsec traffic patterns to minimize the number of messages required to confirm the 
availability of a peer. Enable to reclaim the lost resources in case a peer is found dead and it is also 
used to perform IKE peer failover 
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—=__ | 


3. VPN_Event Log 
This page allows you to view the VPN Event Log 
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Status - Network- Advanced - Firewall- Parental Control- VPN- Wireless 
a 
———_—_—_—_————— 
VPN 
VPN_Basic 
EventLog : This page allows you to view the VPN Event Log. 
IPSec 
Me ae Time Description 


Fig.2-37 VPN\VPN_Event Log 
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Wireless Web Page Group 


The Wireless web pages group enables a variety of settings that can provide secure and reliable wireless 
communications for even the most demanding tech-savvy user. 


The Wireless Gateway offers a choice of 802.11b/g/n, WPA and WPA-PSK authentication of your PCs to 
the gateway, 64 and 128 bit WEP encryption of communication between the gateway and your PCs to 
guaranty security, and an Access Control List function that enables you to restrict wireless access to only 
your specific PCs. 


Performance 

Because your wireless communication travels through the air, the factory default wireless channel setting 
may not provide optimum performance in your home if you or your neighbors have other interfering 
2.4GHz devices such as cordless phones. If your wireless PC is experiencing very sluggish or 
dramatically slower communication compared with the speed you achieve on your PC that is wired to the 
gateway, try changing the channel number. See the 802.11b/g/n Basic Web Page discussion below for 
details. 


Authentication 

Authentication enables you to restrict your gateway from communicating with any remote wireless PCs 
that aren’t yours. The following minimum authentication-related changes to factory defaults are 
recommended. See the 802.11b/g/n Basic and Access Control Web Page discussions below for details. 


Network Name (SSID) — Set a unique name you choose 
Network Type — Set to Open 
Access Control List — Enter your wireless PCs’ MAC addresses 


Security 

Security secures or scrambles messages traveling through the air between your wireless PCs and the 
gateway, so they can’t be observed by others. The following minimum security setting changes to factory 
defaults are recommended. See the 802.11b/g/n Security Web Page discussion below for details. 
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1. Radio 


To set the basic configuration for the wireless features, click RADIO from the Wireless menu. These 
must match the settings you make on your wireless-equipped PC on the LAN side. 
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Status - Network- Advanced- Firewall- Parental Control - VPN - 
vr 


ro 
a) 
wn 


Wireless 
» Radio 
802.11 Radio : This page allows configuration of the VVireless Radio including current country and channel number. 


Primary Network 


Access Control 


Wireless MAC Address: 00: 26:24:3F:90:CF 
Advanced Output Power | 100% |v 

802.11 Band 2.4 Ghz iv 
Bnidalng 802.11 n-mode [auto ¥ 
Wh 802.11 N Support Required Off ¥ 

Bandwidth 20 Mhz ¥ 

Sideband for Control Channel 

(40 Mhz only) 

New Channel: 1 


Current Channel | 
Regulatory Mode | Off ¥ 


Pre-Network Radar Check \60 


In-Network Radar Check \60 
TPC Mitigation (db) 
OBSS Coexistence 1 (Enabled) ¥) 


Apply Restore Wireless Defaults 


Fig.2-38 Wireless\Radio 


@ Interface: The wireless radio in your gateway can be completely de-activated by changing Interface 
to Disabled. Click the Apply button to save your settings. Activated by changing interface to enabled 


@® Wireless MAC Address: The MAC address for this wireless device will be displayed in this field 
automatically. 


@ Output Power: This setting decides the output power of this device. You may use it to economize 
on electricity by selecting lower percentage of power output. Control the range of the AP by 
adjusting the radio output power. 


802.11 Band: It only support 2.4 GHz band. 


802.11 n-mode: It may help you to Enable or Disable the 11N mode. To enable you need to select 
Auto, to disable you need to select Off, and so force the AP to operate in 802.11 n-mode. 


@ Bandwidth: Select wireless channel width 20 MHz is for default value (bandwidth taken by 
wireless signals of this access point.) 


@ Sideband for Control Channel (40 MHz only): There is “Lower” and “Upper” can be selected if 
Bandwidth 40 MHz was Enabled. 
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_— 8 


@ New Channel: In 802.11 Band 2.4GHz, there are 1 to 13 channels. In 802.11 Band 5GHz, there are 
36, 40, 44, 48 total 4 channels for all country. Choose the one that is suitable for this device. 


Current Channel: The channel that you choose will be displayed in this field. 
Regulatory Mode: suppose 802.11d and 802.11h to satisfy specific environment and request. 
TPC Mitigation (db): Fixed Maximum TX Power Level, options 0 ~ 4 db 


OBSS Coexistence: Overlapping BBS coexistence, here to control this function Enable or Disable, 
default was enabled. 


@ Restore Wireless defaults: To recover to the default settings, press this button to retrieve the 
settings then click Apply. 


wake lrorrerge [Bett 
Network Name _| Set the Network Name Up to 32-character 


(SSID) (also known as SSID) of string containing Tech_D-XXXXXXX 
this network. ASCII characters only 


Network Type Select Closed to hide the 
network from active 
scans. Select Open to Open, Closed 


reveal the network to 
active scans. 


New Channel | Selecta particular 
channel on which to lor6éori1l 
operate. 


Interface Enable or disable the Enabled, Disabled Enabled 
wireless interface. 


Table. 2-1 Basic Settings Definitions 


Page 58/ 83 


technicolor 


2. Primary Network 


This page allows you to configure the Network Authentication. It provides several different modes of 
wireless security. You will have to enter proper information according to the mode you select. 
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Status - Network - Advanced-  Firewall- Parental Control- VPN- Wireless 
a 


ee rr 


Wireless 


Radio 
802.11 Primary Network : This page allows configuration of the Primary Wireless Network and its security settings. 


> Primary Network 


BSE OUI Primary Network DICK no 89 (00:26:24:3f 90:cf) 

Advanced Primary Network Enabled »| Automatic Security Configuration 
oe Network Name (SSID) [DICK no 89 Disabled | 

Bridging L 


Closed Network |Open ¥ 
al AP Isolate [Disabled | 
WPA | Disabled ¥] 
WPA-PSK [Disabled ¥| 
WPA2 [Disabled ¥] 
WPA2-PSK | Disabled ¥| 


VWPAWVPA?2 Encryption 
WPA Pre-Shared Key |reeeeeeeees 
OO Show Key 
RADIUS Server (0.0.0.0 
RADIUS Port [1812 _ 
RADIUS Key | 


Group Key Rotation Interval [a 


WPAMVPA?2 Re-auth Interval 3600 


YEP Encryption | Disabled ’ 
Shared Key Authentication 
802.1x Authentication 


Network Key 1 | 


Network Key 2 | 
Network Key 3 | 


Network Key 4 [ 
Current Network Key 
PassPhrase | 
(Apply) 


Fig. 2-39 Wireless\Primary Network 
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802.11x Authentication introduction 
If you enable the 802.11x authentication function, you will have to offer the following information- 


@ WPA (Wi-Fi Protected Access)/WPA2: 
It must be used in conjunction with an authentication server such as RADIUS to provide centralized 
access control and management. It can provide stronger encryption and authentication solution than 
none WPA modes. WPA2 is the second generation of WPA security. 


@ WPA-PSK (WPA-Pre-Shared Key) /WPA2-PSK (WPA2-Pre-Shared Key): 
It is useful for small places without authentication servers such as the network at home. It allows the 
use of manually-entered keys or passwords and is designed to be easily set up for home users. 


@® RADIUS Server: RADIUS Server is a protocol for carrying authentication, authorization, and 
configuration information between a Network Access Server which desires to authenticate its links 
and a shared Authentication Server. Please key in the IP Address for the RADIUS Server. 


@ RADIUS Port: Besides the IP address of the RADIUS Server, you have to enter the port number for 
the server. Port 1812 is the reserved RADIUS-authentication port described in RFC 2138. Earlier AP 
(RADIUS clients) use port 1945. The default value will be shown on this box. You can keep and use 
ii 


@ RADIUS Key: A RADIUS Key is like a password, which is used between IAS and the specific 
RADIUS client to verify identity. Both IAS and the RADIUS client must be use the same RADIUS 
Key for successful communication to occur. Enter the RADIUS Key. 
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a WPA/WPAZ2: 


For the WPA/WPA2 network Authentication, the settings that you can adjust including WPA/WPA2 
Encryption, RADIUS Server, RADIUS Port, RADIUS Key, Group Key Rotation Interval, and 
WPA/WPA2 Re-auth Interval. 


WPA/WPA2 Encryption: 
There are two types that you can choose, AES, TKIP+AES. 


TKIP takes the original master key only as a starting point and derives its encryption keys 
mathematically from this mater key. Then it regularly changes and rotates the encryption keys so 
that the same encryption key will never be used twice 


AES provides security between client workstations operating in ad hoc mode. It uses a 
mathematical ciphering algorithm that employs variable key sizes of 128, 192 or 256 bits. 


RADIUS Server/RADIUS Port/RADIUS Key: 
Please refer to the previous page. 


Group Key Rotation Interval: 
Key in the time for the WAP group key rotation interval. The unit is second. With increasing rekey 
interval, user bandwidth requirement is reduced. 


WPA/WPA2A2 Re-auth Interval: 

When a wireless client has associated with the Wireless Gateway for a period of time longer than the 
setting here, it would be disconnected and the authentication will be executed again. The default 
value is 3600, you may modify it. 


WPA| Enabled ¥| 


WPA-PSK 
WPA?2|Enabled ¥ 
WPA2-PSK 


WPA/WPA2 Encryption | TKIP+AES ¥ 
WPA Pre-Shared Key |.seeees 


C) Show Key 
RADIUS Server|o0.00 . — 
RADIUS Port [igi> 


RADIUS Key | 


Group Key Rotation Interval |p 
WPA/WPA2 Re-auth Interval [3600 


Fig. 2-40 WPA/WPA2 
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Hi WPA-PSK/ WPA2-PSK: 


For the WPA-PSK/WPA2-PSK network Authentication, the settings that you can adjust including 
WPA/WPA2 Encryption, WPA Pre-Shared Key, and Group key Rotation Interval. 


@ WPA Pre-Shared Key: 
Please type the key to be between 8 and 63 characters, or 64 hexadecimal digits. Only the devices 
with a matching key that you set here can join this network. 


WPA able 
WPA-PSK | Enabled ¥ 

WPA2 Disabled 
WPA2-PSK | Enabled ¥ 


WPA/WPA2 Encryption | AES “i 
WPA Pre-Shared Key |eccccccccccccccccccccccccs 
C1 Show Key 
RADIUS Server 
RADIUS Port [s7> _ 
RADIUSKey[ © | 


Group Key Rotation Interval |p 
WPA/WPA2 Re-auth Interval [> =, 


Fig. 2-41 WPA-PSK/WPA2-PSK 
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= WEP Encryption: 
You can choose 64-bit or 128-bit according to your needs. If you choose Disabled, the Network Keys 


will not be shown on this page. If selected, the data is encrypted using the key before being transmitted. 
e.g., If you set 128-bit in this field, then the receiving station must be set to use the128 Bit Encryption, 
and have the same Key value too. Otherwise, it will not be able to decrypt the data. 

(Note: You need to connect one end of the Ethernet cable to the Ethernet port on the back of your 
computer, and the other end to the ETHERNET port on the Wireless Gateway.) 


If you select WEP (64-bit or 128-bit), you can adjust the following settings- 


@ Shared Key Authentication: 
Decide whether to set the shared key Optional or Required by selecting from the drop-down menu. 


@ Network Key 1 to 4: 
The system allows you to enter four sets of the WEP key. For 64-bit WEP mode, the key length is 5 
characters or 10 hexadecimal digits. As for 128-bit WEP mode, the key length is 13 characters or 26 
hexadecimal digits. 


@ Current Network Key: 
Select one set of the network key (from 1 to 4) as the default one. 


@ = Passphrase: 
You can enter ASCII codes into this field. The range is from 8 characters to 64 characters. For 
ASCII characters, you can key in 63 characters in this field. If you want to key in 64 characters, 
only hexadecimal characters can be used. 


@ Generate WEP Keys: 
Click this button to generate the Passphrase. 


@ Apply: 
After proper configuration, click Apply to invoke the settings. 


WEP Encryption | WEP (128-bit) ¥ 
Shared Key Authentication 
802.1x Authentication | Disabled ¥| 
Network Key 1 [o90000000000000000000 
Network Key 2 [o00000000000000000000 
Network Key 3 [999000000000000000000 
Network Key 4 [990000000000000000000 


Current Network Key | 1 ¥ 
PassPhrase | 


Fig. 2-42 WEP (64-bit) / WEP (128-bit) 
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Automatic Security Configuration 
Wi-Fi Protected Setup'™ (WPS) is an easy and secure way of configuring and connecting your Wireless 
access point. In this case, the Wireless Gateway is the Access Point (AP), and Your PC (or Wireless 


Device) is called the STA. When configuring your Wireless Network via WPS, Messages are exchanged 
between the STA and AP in order to configure the Security Settings on both devices. 


@ WPS Configuration: It will help you to Enable or Disable the WPS feature. To enable you need to 
select WPS, to disable you need to select Disabled. 


Note: After you Enable the WPS you will get the options as show in Fig.2-36 and the WPS 
Configuration State box will show its configuration status. 


@ Device Name: By using this you can change the factory default to a name of your choice which is up 
to 32 characters long as like SSID. 


WPS Setup AP: Here you do not need to change anything, just skip this step. 


WPS Add Client: There are two methods type “Client PIN” and “Authorized Client MAC”. Type in 
the client information you want. Then press button “add”. 


Automatic Security Configuration 
WPS “i 


The physical button on the AP will 
provision wireless clients using 
Wi-Fi Protected Setup (WPS) 


Device Name TechnicolorAP 


WPS Setup AP 
Pi | enerate APN) 
WPS Add Client 


Fig. 2-43 Automatic Security Configuration 


Page 64/ 83 


technicolor 


If you select “Push-Button”, then the WPS Add Client option will appear as shown below. 


WPS Add Client 
Adda client © Push-Button C PIN Add 


Fig.2-44 WPS/Push-Button 


And then if you click “Add” button then WPS Setup AP page will appear as shown in Fig.38 


WPS Add Client 


Your AP is now waiting for the STA to connect. 


© - Thomson - 2007 


Fig.2-45 WPS Add Client/Push-Button - InProgress 
And WPS Configure Status will be “In progress”, after establishing the connection the WPS 


Configure Status will be “Success!” as shown below. After successful connection the client will get 
IP address from AP and then internet will be accessible. 


WPS Setup AP SUCCESSFUL 


AP Configuration is complete. Click 'Continue’ to return to the previous page. 


WPS Configure Status: Success 


Fig.2-46 WPS Add Client/Push-Button - Success 
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If you select WPS Method to “PIN” then it will ask for PIN while configuring the Wireless AP by 


showing a text box so, you need to enter PIN to establish the connection. You can get the PIN from your 
connected Wi-Fi client. 


WPS Add Client 
Adda client: © Push-Button @ PIN |: 


PIN: 


Fig. 2-47 WPS Add Client/PIN 


@ PIN: Use this option to set the PIN, enter 4-8 digits PIN of the device you wish to configure. After 
entering the pin click “Add” button, then the WPS Setup AP page will appear as shown in Fig.2-39 


WPS Setup AP 


Your AP is now waiting for the STA to connect. 


Abort | 


Entered PIN: 54461147 


WPS Configure Status: InProgress 


Fig. 2-48 WPS Add Client/PIN - Inprogress 


And WPS Configure Status will be “In progress”, after establishing the connection the WPS 
Configure Status will be “Success!” as shown below. After successful connection the client will get 
IP address from AP and then internet will be accessible. 


WPS Setup AP SUCCESSFUL 


AP Configuration is complete. Click 'Continue' to return to the previous page. 


Continue | 


Entered PIN: 


WPS Configure Status: Success 


Fig. 2-49 WPS Add Client/PIN — Success 
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3. Access Control 


This page allows you to control device that can connect to the AP and list all connected clients. Control is 
made by Mac Address. 


technicolor 


Status - Network- Advanced- Firewall- Parental Control- VPN - ireless 
= a 
v 
Wireless 
Radio 
802.11 Access Control : This page allows the configuration of the Access Control to the AP as well as status on the 
Primary Network connected clients. 
>» Access Control 


Administration 


Advanced Web Page Access [Allow | (Allow or Deny Access to Administration Web Page fram PC connected over Wifi.) 
Bridging : 
Wireless Interface | DICK no 89 (00:26:24:3F:90:CF) ¥) 
WWMM 
MAC Restrict Made | Disabled ¥ 
MAC Addresses [ 
L 
| 
Apply 


Connected Clients [ii ACTSSs GST) SSG Mel Maae SSE 


No wireless clients are connected. 


Fig. 2-50 Wireless\Access Control 


@® Administration Web Page Access: This field let you decide if a PC connected over Wi-Fi to the 
Gateway can have access to the Gateway Web Pages. 


@ MAC Restrict Mode: Click Disabled to welcome all of the clients on the network; select Allow to 
permit only the clients on the list to access the cable modem; or choose Deny to prevent the clients 
on the list to access this device. 


@ MAC Address: Your Gateway identifies wireless PCs by their Wireless MAC Address. This 
address consists of a string of 6 pairs of numbers 0-9 and letters A-F, such as 00 90 4B FO FF 50. It 
is usually printed on the Wireless card of the device (e.g. the PCMCIA card in a laptop). 


@ Enter the MAC addresses of the connected clients into the fields, and then click Apply to add them 
to the list for access control. 


Apply: After proper configuration, click Apply to invoke the settings. 


Connected Clients: The information of currently connected clients will be displayed here. 
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4. Advanced 

This page allows you to configure some advanced settings. The factory default values should provide 
good results in most cases. We don’t recommend you change these settings unless you have technical 
knowledge of 802.11 wireless technology. 


For expert users, details of all settings on this web page are provided below. 
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Network - Advanced - 


r 


Status - 


Wireless 
Radio 


Firewall - 


Parental Control - VYVPN- Wireless 
aw 


802.11 Advanced : This page allows configuration of data rates and WiFi thresholds 


Primary Network 


Access Control 
54g™ Mode 


>» Advanced 
54g™ Protection 


Bridging 
Press™ Technology 


wMM Tecnologia Afterburner™ 
Rate 
Beacon Interval 
DTIM Interval | 
Fragmentation Threshold | 
RTS Threshold 
NPHY Rate 
802.11n Protection 


Basic Rate Set | 


54g Auto 
Default ¥| 
Auto ¥ 
Disabled ¥ 
Disabled ¥ 
! 


Auto 
100 

1 
2346 
2347 | 


Auta 


Auto ¥ 


Multicast Rate ¥ 


Auto 


Fig. 2-51 Wireless\Advanced 


@ 54g™ Mode: Except Auto mode, there are three modes for you choose, please check the 
specification of your wireless card and choose a proper setting. 

@ Basic Rate Set: The rates that for all clients want to associate with. Choose “Default” or “All” for 
the 802.11 b/g/n. 

@ 54g™ Protection: To improve the 802.11g performance in 802.11 mixed environments Default 
“Auto” is enabled. 

@ Xpress™ Technology: When Xpress is turned on, aggregate throughput (the sum of the individual 
throughput speeds of each client on the network) can improve by up to 27% in 802.11g-only 
networks, and up to 75% in mixed networks comprised of 802.11g and 802.11b standard equipment. 

@® Tecnologia Afterburner™: To enhancement for the 54g™ platform, It maximum performance 


implementation of the IEEE 802.11g standard. Products with this new technology provide up to 40 
percent greater throughput than typical standard 802.11g systems without impacting the performance 
of neighboring wireless LANs 
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Rate: It decides the speed of data transmission. There are several rates provided here for you to 
choose. Choose any one of it according to your needs by using the drop-down menu. 


Beacon Interval: Set the period of beacon transmissions to allow mobile stations to locate and 
identify a BSS. The measure unit is “time units” (TU) of 1024 microseconds. (Value range: 1~65535) 


DTIM Interval: The value you set here is used to inform mobile stations when multicast frames that 
have been buffered at the Wireless Gateway will be delivered and how often that delivery occurs. 
(Value range: 1~255) 


Fragmentation Threshold: Set the number of the fragmenting frames to make the data to be 
delivered without errors induced by the interference. Frames longer than the value you set here are 
fragmented before the initial transmission into fragments no longer than the value of the threshold. 
(Value range: 256~ 2346) 


RTS Threshold: Set the value for sending a request to the destination. All the frames of a length 

greater than the threshold that you set here will be sent with the four-way frame exchange. And, a 
length less than or equal to the value that you set will not be proceeded by RTS. (Value range: 0~ 

2347) 


NPHY Rate: Set the Physical Layer rate. The rate always set “Use Legacy Rate”. 


802.11n Protection: 
This method provides 802.11g and 802.11b devices can co-exist in the same network without 
“speaking” at the same time. Default “Auto” is enabled. 


Multicast Rate: The baseline levels that wireless device able to deliver in order to connect to the 
Wireless Gateway. Lower multicast rates mean weaker, farther signals are allowed to connection. 
Higher multicast rates mean that only close, strong signals are allowed. 
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5. Bridging 
The Bridging page provides a location where settings can be adjusted related to the WDS (Wireless 
Distribution System) feature. 


WDS is a system that enables the interconnection of access points wirelessly. It may also be referred to as 
repeater mode because it appears to bridge and accept wireless clients at the same time (unlike traditional 
bridging). 


The wireless gateway can be placed in a mode that allows the gateway to communicate with other 
“extender” wireless access points either exclusively or mixed with communications to local PCs. Use this 
page to designate the Remote Bridges the gateway is allowed to communicate with, and to select the 
Wireless Bridging mode. 


technicolor 


Status - Network - Advanced- Firewall- Parental Control - VPN - ireless 
ee 
. 
Wireless 
Radio 
Bridging © This page allows configuration of VVDS features 


Primary Network 


Access Control : ve 
Wireless Bridging | Disabled ¥) 


Advanced Remote Bridges| 
> Bridging 
WMM 
Apply 


Fig. 2-52 Wireless\Bridging 


@® Wireless Bridging: Choose “Disabled” to shutdown this function; select Enabled to turn on the 
function of WDS. 


@ Remote Bridges: Enter the MAC Addresses of the remote Bridges to relay the signals for each other. 
@ Apply: After proper configuration, click Apply to invoke the settings. 
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6. 802.11 Wi-Fi Multimedia: 


Wi-Fi Multimedia (WMM) is a component of the IEEE 802.11e wireless LAN standard for quality of 
service (QoS). The QoS assigns priority to the selected network traffic and prevents packet collisions and 
delays thus improving VoIP calls and watching video over WLANs. 
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b 


Bridging 


Status - Network- Advanced - Firewall- Parental Control- VPN- Wireless 
Le 
r 


Wireless 


Radio 


802.11 Wi-Fi Multimedia © This page allows configuration of the Wi-Fi Multimedia Gas. 


Primary Network 


Access Control 


VVMM Support On ¥ 


Advanced No-Acknowledgement | Off ¥ 


Power Save Support |On ¥ 


WWMM 


on F TXOP(b) TXOP{a/g) Discard 
EDCA AP Parameters: CVVmin CVV¥max AIFSN Limit (usec) Limit (usec) Oldest First 


AC_BE |15 63 3 0 0 Off ¥ 
AC_BK |15 1023 | |7 Q Q ‘Off ¥ 
AC_VI|7 15 \4 6016 3008 Off ¥ 
AC_VO |3 7 id 3264 1504 Off ¥ 
EDCA STA Parameters: 
AC_BE |15 1023 | 3 0 0 
AC_BK|15 | {1023 | [7 eo | ff | 
AC_VI|7 15 2 6016 3008 
AC_VO |3 ee 3264 1504 


Fig.2-53 Wireless\WMM 
Enable WMM: This field allows you to enable WMM to improve multimedia transmission. 


Enable WMM No-Acknowledgement: This field allows you to enable WMM No- 
Acknowledgement. 


Power Save Support: This field allows you to enable WMM Power-Save-Support. 


EDCA AP parameters: proposal : specifies the transmit parameter for traffic transmitted from the 
AP to the STA for the 4 Access Categories: Best effort (AC_BE), Background (AC_BK) Video 
(AC_VJ) and voice (AC_VO). Transmit parameters include contention window (CWmin CWmax) , 
arbitration Inter Frame Spacing Number AIFSN, and Transmit opportunity Limit (TXOP limit ). 
Admission Control specifies if admission control is enforced for the Access categories. Discard 
Oldest first specified the discard policy for the queues , On discards the oldest first ; off discards the 
newest first. 


EDCA STA parameters: proposal : specifies the transmit parameter for traffic transmitted from the 

STA to the AP for the 4 Access Categories :Best effort (AC_BE), Background (AC_BK) Video 

(AC_VIJ) and voice AC_VO. Transmit parameters include contention window (CWmin CWmax) , 
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arbitration Inter Frame Spacing Number AIFSN, and Transmit opportunity Limit (TXOP limit ). 


@ WMM TXOP parameters: proposal : specifies the transmit parameter for traffic transmitted from 
the TXOP to the AP for the 4 Access Categories :Best effort (AC_BE), Background (AC_BK) Video 
(AC_VIJ) and voice(AC_VO). Transmit parameters include Short Retry Limit , Short Fallbk Limit , 
Long Retry Limit , Long Fallbk Limit , and Max Rate in 500kbps. 
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CHAPTER 3: NETWORKING 


Communications 


Data communication involves the flow of packets of data from one device to another. These devices 
include personal computers, Ethernet, cable modems, digital routers and switches, and highly integrated 
devices that combine functions, like the Wireless Cable Gateway. 


The gateway integrates the functionality often found in two separate devices into one. It’s both a cable 
modem and an intelligent Wireless Gateway networking device that can provide a host of networking 
features, such as NAT and firewall. Fig.3-1 illustrates this concept, with the cable modem (CM) 
functionality on the left, and networking functionality on the right. In this figure, the numbered arrows 
represent communication based on source and destination, as follows: 


Cable Modem Section Networking Section 


WAN CM IP CPE IP LAN 
IP Stack 1 IP Stack 2 
Connected to your PC via: 


*# Ethernet 
802.11b/g/n 


ies) 


Cable service 


Fig.3-1 Communication between your PCs and the network side 
Type of Communication 


1. Communication between the Internet and your PCs 
Example: The packets created by your request for a page stored at a web site, and the contents of that 
page sent to your PC. 


2. Communication between your cable company and the cable modem side 
Example: When your cable modem starts up, it must initialize with the cable company, which requires 
the cable company to communicate directly with the cable modem itself. 


3. Communication between your PCs and the networking side 


Example: The Wireless Cable Gateway offers a number of built-in web pages which you can use to 
configure its networking side; when you communicate with the networking side, your communication is 
following this path. Each packet on the Internet addressed to a PC in your home travels from the Internet 
down- stream on the cable company’s system to the WAN side of your Wireless Cable Gateway. There it 
enters the Cable Modem section, which inspects the packet, and based on the results, proceeds to either 
forward or block the packet from proceeding on to the Networking section. Similarly, the Networking 
section then decides whether to forward or block the packet from proceeding on to your PC. 
Communication from your home device to an Internet device works similarly, but in reverse, with the 
packet traveling upstream on the cable system. 
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Cable Modem (CM) Section 


The cable modem (or CM) section of your gateway uses DOCSIS or EURO-DOCSIS Standard cable 
modem technology. DOCSIS or EURO-DOCGSIS specifies that TCP/IP over Ethernet style data 
communication be used between the WAN interface of your cable modem and your cable company. 


A DOCSIS or EURO-DOCSIS modem, when connected to a Cable System equipped to support such 
modems, performs a fully automated initialization process that requires no user intervention. Part of this 
initialization configures the cable modem with a CM IP (Cable Modem Internet Protocol) address, as 
shown in Figure 3-2, so the cable company can communicate directly with the CM itself. 


Networking Section 


The Networking section of your gateway also uses TCP/IP (Transmission Control Protocol/ Internet 
Protocol) for the PCs you connected on the LAN side. TCP/IP is a networking protocol that provides 
communication across interconnected networks, between computers with diverse hardware architectures 
and various operating systems. 


TCP/IP requires that each communicating device be configured with one or more TCP/IP stacks, as 
illustrated by Fig.3-2. On a PC, you often use software that came with the PC or its network interface (if 
you purchased a network interface card separately) to perform this configuration. To communicate with 
the Internet, the stack must also be assigned an IP (Internet Protocol) address. 192.168.100.1 is an 
example of an IP address. A TCP/IP stack can be configured to get this IP address by various means, 
including a DHCP server, by you directly entering it, or sometimes by a PC generating one of its own. 


Ethernet requires that each TCP/IP stack on the Wireless Cable Gateway also have associated with it an 
Ethernet MAC (Media Access Control) address. MAC addresses are permanently fixed into network 
devices at the time of their manufacture. 00:90:64:12:B1:91 is an example of a MAC address. 


Data packets enter and exit a device through one of its network interfaces. The gateway offers Ethernet 
and 802.11b/g/n wireless network interfaces on the LAN side and the DOCSIS network interface on the 
WAN side. 


When a packet enters a network interface, it is offered to all the TCP/IP stacks associated with the device 

side from which it entered. But only one stack can accept it — a stack whose configured Ethernet address 
matches the Ethernet destination address inside the packet. Furthermore, at a packet’s final destination, its 
destination IP address must also match the IP address of the stack. 


Each packet that enters a device contains source MAC and IP addresses telling where it came from, and 
destination MAC and IP addresses telling where it is going to. In addition, the packet contains all or part 
of a message destined for some application that is running on the destination device. IRC used in an 
Internet instant messaging program, HTTP used by a web browser, and FTP used by a file transfer 
program are all examples of applications. Inside the packet, these applications are designated by their port 
number. Port 80, the standard HTTP port, is an example of a port number. 


The Networking section of the router performs many elegant functions by recognizing different packet 
types based upon their contents, such as source and destination MAC address, IP address, and ports. 


Three Networking Modes 


Your gateway can be configured to provide connectivity between your cable company and your home 
LAN in any one of three Networking Modes: CM, RG, and CH. This mode setting is under the control of 
your cable company, who can select the mode to match the level of home networking support for which 
you have subscribed. All units ship from the factory set for the RG mode, but a configuration file which 
the cable company sends the cable modem section during its initialization can change it. 
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Cable Modem (CM) Mode 


Cable 
Operator 


CM Mode 


Wireless Voice Cable Gateway 
behaves as a bridge 


Wireless r 

Voice \ 

Cable s a 
GateWay -_ ; 


CPE 1 CPE 2 
111.111.1.12 111.111.1.13 


Fig. 3-2 Cable Modem Mode 


CM/Networking 


IP Stack 1 IP Stack 2 


199.111.1.11 92.168.100.1 


WAN LAN 


Fig. 3-3 Two IP stacks are activated in cable modem mode 


CM (Cable Modem) Mode provides basic home networking. In this mode, two IP stacks are active: 


e IP Stack 1 - for use by the cable company to communicate with the cable modem section only. This 
stack receives its IP address from the cable company during CM initialization. It uses the MAC 
address printed on the label attached to the Wireless Cable gateway. 


e IP Stack 2 - for use by you, the end user, to communicate with the cable modem and Networking 
sections, to access the internal web page diagnostics and configuration. This stack uses a fixed IP 
address: 192.168.100.1. It uses a MAC address 00:10:95:FF:FF:FE. 


With CM Mode, your cable company must provide one IP address for the CM section, plus one for each 
PC you connect from their pool of available addresses. Your cable company may have you or your 
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installer manually enter these assigned addresses into your PC, or use a DHCP Server to communicate 
them to your PCs, or use a method that involves you entering host names into your PCs. 


Note that in CM Mode, packets passing to the Internet to/from your PCs do not travel through any of the 
IP stacks; instead they are directly bridged between the WAN and LAN sides. 


Residential Gateway (RG) Mode 


Cable 
Operator 


RG & CH Modes 
Wireless Voice Cable Gateway 


WAN behaves as a gateway 


Wireless 


Voice 
Cable 
GateWay 
CPE 1 CPE 2 
192.168.0.10 192.168.0.11 


Fig. 3-4 Residential Gateway Mode 


ow 
IP Stack 5 
192.168.0.1 


WAN 


Fig. 3-5 Three IP stacks are activated in cable modem mode 


RG (Residential Gateway) Mode provides basic home networking plus NAT (Network Address 
Translation). In this mode, three IP stacks are active: 


e IP Stack 1 - for use by the cable company to communicate with the Cable Modem section only. This 
stack receives its IP address from the cable company during CM initialization. It uses the MAC 
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address printed on the label attached to the Wireless Cable Gateway. 


e IP Stack 3 - for use by you to remotely (i.e. from somewhere on the WAN side, such as at your 
remote workplace) communicate with the Cable Modem and Networking sections, to remotely access 
the internal web page diagnostics and configuration. This stack is also used by your cable company to 
deliver packets between the Internet and the gateway’s networking section so they can be routed 
to/from your PCs. This stack requires an IP address assigned by the cable company from their pool of 
available addresses. Your cable company may have you or your installer manually enter assigned 
addresses into your gateway, or use a DHCP Server to communicate them, or use a method that 
involves you entering host names. This stack uses a MAC address of MAC label + 2 (the MAC label 
is found on the bottom of the unit). E.g., if the MAC address is 00:90:64:12:B1:91, this MAC address 
would be 00:90:64:12:B1:93. 


e IP Stack 5 - for use by you to locally (i.e. from somewhere on the LAN side in your home) 
communicate with the Cable Modem and Networking sections, to access the internal web page 
diagnostics and configuration. This stack is also used by the gateway’s networking section to route 
packets between the gateway’s Networking section and your PCs. This stack uses a fixed IP address: 
192.168.0.1. It uses a MAC address of MAC label + 4 (the MAC label is found on the bottom of the 
unit). E.g., if the MAC address is 00:90:64:12:B1:91, this MAC address would be 00:90:64:12:B1:95. 


With RG Mode, your cable company must provide one IP address for the CM section, plus one for the 
Networking section, from their pool of available addresses. With RG Mode, each PC you connect gets an 
IP address from a DHCP Server that is part of the Networking section of the gateway. 
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CHAPTER 4: ADDITIONAL INFORMATION 


Frequently Asked Questions 


Q. 
A. 


© 


Q. 
A. 


Q. 
A. 


What if I don’t subscribe to cable TV? 


If cable TV is available in your area, data and voice service may be made available with or without 
cable TV service. Contact your local cable company for complete information on cable services, 
including high-speed internet access. 


. How do I get the system installed? 


. Professional installation from your cable provider is strongly recommended. They will ensure proper 


cable connection to the modem and your computer. However, your retailer may have offered a self 
installation kit, including the necessary software to communicate with your cable ISP. 


Once my Wireless Gateway is connected, how do I get access to the Internet? 


Your local cable company provides your internet service*, offering a wide range of services including 
email, chat, and news and information services, and a connection to the World Wide Web. 


It seems that the wireless network is not working 


Check the Wireless LED on the front panel. If it is no lighted, press on the WPS button shortly, less 
than 1 second, on the side of the modem, and then check again the Wireless LED. If it is lighted, then 
the Wireless transmission is enabled. 


Can I watch TV, surf the Internet, and talk to my friends through the Wireless Gateway at the same 
time? 


Absolutely! 
What do you mean by “Broadband?” 


Simply put, it means you’ll be getting information through a “bigger pipe,” with more bandwidth, than 
a standard phone line can offer. A wider, “broader” band means more information, more quickly. 


What is DOCSIS and what does it mean? 


“Data over Cable Service Interface Specifications” is the industry standard that most cable companies 
are adopting as they upgrade their systems. Should you ever decide to move, the Wireless Gateway 
will work with all upgraded cable systems that are Euro-DOCSIS-compliant. 


What is PacketCable and what does it mean? 


PacketCable is the industry standard for telephony services that most cable companies are adopting as 
they upgrade their systems. Should you ever decide to move, the Wireless Gateway will work with all 
upgraded cable systems that are PacketCable compliant. 


What is Xpress Technology and what does it mean? 


It is one of the popular performance-enhancing Wi-Fi technologies, designed to improve wireless 
network efficiency and boost throughput. It is more efficient in mixed environments, and it can work 
with 802.11a/b/g networks. When Xpress is turned on, aggregate throughput (the sum of the individual 
throughput speeds of each client on the network) can improve by up to 27% in 802.11g-only networks, 
and up to 75% in mixed networks comprised of 802.11g and 802.11b standard equipment. The 
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technology achieves higher throughput by re-packaging data, reducing the number of overhead control 
packets, so that more useful data can be sent during a given amount of time. 


* Monthly subscription fee applies. 


** Additional equipment required. Contact your Cable Company and ISP for any restrictions or additional 
fees. 
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General Troubleshooting 


You can correct most problems you have with your product by consulting the troubleshooting list that 
follows. 


I can’t access the internet. 
@ Check all of the connections to your Wireless Gateway. 
@® Your Ethernet card may not be working. Check each product’s documentation for more information. 


@ The Network Properties of your operating system may not be installed correctly or the settings may 
be incorrect. Check with your ISP or cable company. 


I can’t get the modem to establish an Ethernet connection. 


@ Even new computers don’t always have Ethemet capabilities — be sure to verify that your computer 
has a properly installed Ethernet card and the driver software to support it. 


@ Check to see that you are using the right type of Ethernet cable. 
The modem won’t register a cable connection. 


@ If the modem is in Initialization Mode, the INTERNET light will be flashing. Call your Cable 
Company if it has not completed this 5-step process within 30 minutes, and note which step it is 
getting stuck on. 


@ The modem should work with a standard RG-6 coaxial cable, but if you’re using a cable other than 
the one your Cable Company recommends, or if the terminal connections are loose, it may not work. 
Check with your Cable Company to determine whether you’re using the correct cable. 


@ If you subscribe to video service over cable, the cable signal may not be reaching the modem. 
Confirm that good quality cable television pictures are available to the coaxial connector you are 
using by connecting a television to it. If your cable outlet is “dead”, call your Cable Company. 


@ Verify that the Cable Modem service is DOCSIS compliant and PacketCable compliant by calling 
your cable provider. 


For more Usage and Troubleshooting Tips use the web site links provided on the CD-ROM: 


www.technicolor.com 
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Service Information 


If you purchased or leased your Wireless Gateway directly from your cable company, then warranty 
service for the Digital Cable Modem may be provided through your cable provider or its authorized 
representative. For information on 1) Ordering Service, 2) Obtaining Customer Support, or 3) Additional 
Service Information, please contact your cable company. If you purchased your Wireless Gateway from a 


retailer, see the enclosed warranty card. 
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Glossary 


10/100/1000 BaseT — Unshielded, twisted pair cable with an RJ-45 connector, used with Ethernet LAN 
(Local Area Network). “10/100/1000” indicates speed (10/100/1000 BaseT), “Base” refers to baseband 
technology, and “T” means twisted pair cable. 


Authentication - The process of verifying the identity of an entity on a network. 


DHCP (Dynamic Host Control Protocol) — A protocol which allows a server to dynamically assign IP 
addresses to workstations on the fly. 


Ethernet adapters — A plug-in circuit board installed in an expansion slot of a personal computer. The 
Ethernet card (sometimes called a Network Interface Card , network adapter or NIC) takes parallel data 
from the computer, converts it to serial data, puts it into a packet format, and sends it over the 
10/100/1000 BaseT LAN cable. 


DOCSIS (Data Over Cable Service Interface Specifications) — A project with the objective of 
developing a set of necessary specifications and operations support interface specifications for Cable 
Modems and associated equipment. 


F Connector — A type of coaxial connector, labeled CABLE IN on the rear of the Wireless Gateway that 
connects the modem to the cable system. 


HTTP (HyperText Transfer Protocol) — Invisible to the user, HTTP is used by servers and clients to 
communicate and display information on a client browser. 


Hub — A device used to connect multiple computers to the Wireless Gateway. 


IP Address — A unique, 32-bit address assigned to every device in a network. An IP (Internet Protocol) 
address has two parts: a network address and a host address. This modem receives a new IP address from 
your cable operator via DHCP each time it goes through Initialization Mode. 


Key exchange - The swapping of mathematical values between entities on a network in order to allow 
encrypted communication between them. 


MAC Address — The permanent “identity” for a device programmed into the Media Access Control layer 
in the network architecture during the modem’s manufacture. 


NID - Network Interface Device, the interconnection between the internal house telephone wiring and a 
conventional telephone service provider’s equipment. These wiring connections are normally housed in a 
small plastic box located on an outer wall of the house. It is the legal demarcation between the 
subscriber’s property and the service provider’s property. 


PacketCable — A project with the objective of developing a set of necessary telephony specifications and 
operations support interface specifications for Wireless Gateways and associated equipment used over the 
DOCSIS based cable network. 


PSTN (Public Switched Telephone Network) — The worldwide voice telephone network which 
provides dial tone, ringing, full-duplex voice band audio and optional services using standard telephones. 


Provisioning - The process of enabling the Media Terminal Adapter (MTA) to register and provide 
services over the network. 
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TCP/IP (Transmission Control Protocol/Internet Protocol) — A networking protocol that provides 


communication across interconnected networks, between computers with diverse hardware architectures 
and various operating systems. 


TFTP - Trivial File Transfer Protocol, the system by which the Media Terminal Adapter’s configuration 
data file is downloaded. 


TSP - Telephony Service Provider, an organization that provides telephone services such as dial tone, 
local service, long distance, billing and records, and maintenance. 


Xpress Technology - One of the popular performance-enhancing WiFi technologies, designed to improve 
wireless network efficiency and boost throughput. It is more efficient in mixed environments, and it can 
work with 802.11a/b/g networks. 


TECHNICOLOR Inc. 
101 W. 103rd St., INH700 Indianapolis, IN. 46290 USA 
Tel: +1 (317) 587-3000 - Fax: +1 (317) 587-6763 


www.technicolor.com 
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